forked from php/web-php
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog-7.php
8330 lines (8138 loc) · 348 KB
/
ChangeLog-7.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?php
$_SERVER['BASE_PAGE'] = 'ChangeLog-7.php';
include_once __DIR__ . '/include/prepend.inc';
include_once __DIR__ . '/include/changelogs.inc';
site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("changelog.css"), "layout_span" => 12));
?>
<h1>PHP 7 ChangeLog</h1>
<a href="#PHP_7_4">7.4</a> |
<a href="#PHP_7_3">7.3</a> | <a href="#PHP_7_2">7.2</a> |
<a href="#PHP_7_1">7.1</a> | <a href="#PHP_7_0">7.0</a>
<a name="PHP_7_4"></a>
<section class="version" id="7.4.1"><!-- {{{ 7.4.1 -->
<h3>Version 7.4.1</h3>
<b><?php release_date('18-Dec-2019'); ?></b>
<ul><li>Bcmath:
<ul>
<li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).</li>
</ul></li>
<li>Core:
<ul>
<li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044).</li>
<li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).</li>
<li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049).</li>
<li><?php bugfix(78810); ?> (RW fetches do not throw "uninitialized property" exception).</li>
<li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li>
<li><?php bugfix(78296); ?> (is_file fails to detect file).</li>
<li><?php bugfix(78883); ?> (fgets(STDIN) fails on Windows).</li>
<li><?php bugfix(78898); ?> (call_user_func(['parent', ...]) fails while other succeed).</li>
<li><?php bugfix(78904); ?> (Uninitialized property triggers __get()).</li>
<li><?php bugfix(78926); ?> (Segmentation fault on Symfony cache:clear).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li>
<li><?php bugfix(78923); ?> (Artifacts when convoluting image with transparency).</li>
</ul></li>
<li>EXIF:
<ul>
<li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).</li>
<li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif). (CVE-2019-11047).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(76601); ?> (Partially working php-fpm ater incomplete reload).</li>
<li><?php bugfix(78889); ?> (php-fpm service fails to start).</li>
<li><?php bugfix(78916); ?> (php-fpm 7.4.0 don't send mail via mail()).</li>
</ul></li>
<li>Intl:
<ul>
<li>Implemented FR <?php bugl(78912); ?> (INTL Support for accounting format).</li>
</ul></li>
<li>Mysqlnd:
<ul>
<li><?php bugfix(78823); ?> (ZLIB_LIBS not added to EXTRA_LIBS).</li>
</ul></li>
<li>OPcache:
<ul>
<li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li>
<li><?php bugfix(78935); ?> (Preloading removes classes that have dependencies).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(78853); ?> (preg_match() may return integer > 1).</li>
</ul></li>
<li>Reflection:
<ul>
<li><?php bugfix(78895); ?> (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li>
<li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li>
<li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li>
<li><?php bugfix(78814); ?> (strip_tags allows / in tag name => whitelist bypass).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.0"><!-- {{{ 7.4.0 -->
<h3>Version 7.4.0</h3>
<b><?php release_date('28-Nov-2019'); ?></b>
<ul>
<li>Core:
<ul>
<li>Implemented RFC: <a href="https://wiki.php.net/rfc/deprecate_curly_braces_array_access">Deprecate curly brace syntax for accessing array elements and string offsets</a>.</li>
<li>Implemented RFC: <a href="https://wiki.php.net/rfc/deprecations_php_7_4">Deprecations for PHP 7.4</a>.</li>
<li><?php bugfix(52752); ?> (Crash when lexing).</li>
<li><?php bugfix(60677); ?> (CGI doesn't properly validate shebang line contains #!).</li>
<li><?php bugfix(71030); ?> (Self-assignment in list() may have inconsistent behavior).</li>
<li><?php bugfix(72530); ?> (Use After Free in GC with Certain Destructors).</li>
<li><?php bugfix(75921); ?> (Inconsistent: No warning in some cases when stdObj is created on the fly).</li>
<li>Implemented FR <?php bugl(76148); ?> (Add array_key_exists() to the list of specially compiled functions).</li>
<li><?php bugfix(76430); ?> (__METHOD__ inconsistent outside of method).</li>
<li><?php bugfix(76451); ?> (Aliases during inheritance type checks affected by opcache).</li>
<li>Implemented FR <?php bugl(77230); ?> (Support custom CFLAGS and LDFLAGS from environment).</li>
<li><?php bugfix(77345); ?> (Stack Overflow caused by circular reference in garbage collection).</li>
<li><?php bugfix(77812); ?> (Interactive mode does not support PHP 7.3-style heredoc).</li>
<li><?php bugfix(77877); ?> (call_user_func() passes $this to static methods).</li>
<li><?php bugfix(78066); ?> (PHP eats the first byte of a program that comes from process substitution).</li>
<li><?php bugfix(78151); ?> (Segfault caused by indirect expressions in PHP 7.4a1).</li>
<li><?php bugfix(78154); ?> (SEND_VAR_NO_REF does not always send reference).</li>
<li><?php bugfix(78182); ?> (Segmentation fault during by-reference property assignment).</li>
<li><?php bugfix(78212); ?> (Segfault in built-in webserver).</li>
<li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li>
<li><?php bugfix(78226); ?> (Unexpected __set behavior with typed properties).</li>
<li><?php bugfix(78239); ?> (Deprecation notice during string conversion converted to exception hangs).</li>
<li><?php bugfix(78335); ?> (Static properties/variables containing cycles report as leak).</li>
<li><?php bugfix(78340); ?> (Include of stream wrapper not reading whole file).</li>
<li><?php bugfix(78344); ?> (Segmentation fault on zend_check_protected).</li>
<li><?php bugfix(78356); ?> (Array returned from ArrayAccess is incorrectly unpacked as argument).</li>
<li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li>
<li><?php bugfix(78386); ?> (fstat mode has unexpected value on PHP 7.4).</li>
<li><?php bugfix(78396); ?> (Second file_put_contents in Shutdown hangs script).</li>
<li><?php bugfix(78406); ?> (Broken file includes with user-defined stream filters).</li>
<li><?php bugfix(78438); ?> (Corruption when __unserializing deeply nested structures).</li>
<li><?php bugfix(78441); ?> (Parse error due to heredoc identifier followed by digit).</li>
<li><?php bugfix(78454); ?> (Consecutive numeric separators cause OOM error).</li>
<li><?php bugfix(78460); ?> (PEAR installation failure).</li>
<li><?php bugfix(78531); ?> (Crash when using undefined variable as object).</li>
<li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li>
<li><?php bugfix(78604); ?> (token_get_all() does not properly tokenize FOO<?php with short_open_tag=0).</li>
<li><?php bugfix(78614); ?> (Does not compile with DTRACE anymore).</li>
<li><?php bugfix(78620); ?> (Out of memory error).</li>
<li><?php bugfix(78632); ?> (method_exists() in php74 works differently from php73 in checking priv. methods).</li>
<li><?php bugfix(78644); ?> (SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER).</li>
<li><?php bugfix(78658); ?> (Memory corruption using Closure::bindTo).</li>
<li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li>
<li><?php bugfix(78662); ?> (stream_write bad error detection).</li>
<li><?php bugfix(78768); ?> (redefinition of typedef zend_property_info).</li>
<li><?php bugfix(78788); ?> (./configure generates invalid php_version.h).</li>
<li>Fixed incorrect usage of QM_ASSIGN instruction. It must not return IS_VAR. As a side effect, this allowed passing left hand list() "by reference", instead of compile-time error.</li>
</ul>
<li>CLI:
<ul>
<li>The built-in CLI server now reports the request method in log files.</li>
</ul>
<li>COM:
<ul>
<li>Deprecated registering of case-insensitive constants from typelibs.</li>
<li><?php bugfix(78650); ?> (new COM Crash).</li>
<li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li>
</ul>
<li>CURL:
<ul>
<li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li>
<li>Implemented FR <?php bugl(77711); ?> (CURLFile should support UNICODE filenames).</li>
<li>Deprecated CURLPIPE_HTTP1.</li>
<li>Deprecated $version parameter of curl_version().</li>
</ul>
<li>Date:
<ul>
<li>Updated timelib to 2018.02.</li>
<li><?php bugfix(69044); ?> (discrepency between time and microtime).</li>
<li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li>
<li><?php bugfix(75232); ?> (print_r of DateTime creating side-effect).</li>
<li><?php bugfix(78383); ?> (Casting a DateTime to array no longer returns its properties).</li>
<li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li>
</ul>
<li>Exif:
<ul>
<li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li>
<li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li>
<li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li>
</ul>
<li>Fileinfo:
<ul>
<li><?php bugfix(78075); ?> (finfo_file treats JSON file as text/plain).</li>
<li><?php bugfix(78183); ?> (finfo_file shows wrong mime-type for .tga file).</li>
</ul>
<li>Filter:
<ul>
<li>The filter extension no longer has the --with-pcre-dir on Unix builds, allowing the extension to be once more compiled as shared using ./configure.</li>
<li>Added min_range and max_range options for FILTER_VALIDATE_FLOAT.</li>
</ul>
<li>FFI:
<ul>
<li>Added FFI extension.</li>
<li><?php bugfix(78488); ?> (OOB in ZEND_FUNCTION(ffi_trampoline)).</li>
<li><?php bugfix(78543); ?> (is_callable() on FFI\CData throws Exception).</li>
<li><?php bugfix(78716); ?> (Function name mangling is wrong for some parameter types).</li>
<li><?php bugfix(78762); ?> (Failing FFI::cast() may leak memory).</li>
<li><?php bugfix(78761); ?> (Zend memory heap corruption with preload and casting).</li>
<li>Implement FR <?php bugl(78270); ?> (Support __vectorcall convention with FFI).</li>
<li>Added missing FFI::isNull().</li>
</ul>
<li>FPM:
<ul>
<li>Implemented FR <?php bugl(72510); ?> (systemd service should be hardened).</li>
<li><?php bugfix(74083); ?> (master PHP-fpm is stopped on multiple reloads).</li>
<li><?php bugfix(78334); ?> (fpm log prefix message includes wrong stdout/stderr notation).</li>
<li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li>
</ul>
<li>GD:
<ul>
<li>Implemented the scatter filter (IMG_FILTER_SCATTER).</li>
<li>The bundled libgd behaves now like system libgd wrt. IMG_CROP_DEFAULT never falling back to IMG_CROP_SIDES.</li>
<li>The default $mode parameter of imagecropauto() has been changed to IMG_CROP_DEFAULT; passing -1 is now deprecated.</li>
<li>Added support for aspect ratio preserving scaling to a fixed height for imagescale().</li>
<li>Added TGA read support.</li>
<li><?php bugfix(73291); ?> (imagecropauto() $threshold differs from external libgd).</li>
<li><?php bugfix(76324); ?> (cannot detect recent versions of freetype with pkg-config).</li>
<li><?php bugfix(78314); ?> (missing freetype support/functions with external gd).</li>
</ul>
<li>GMP:
<ul>
<li><?php bugfix(78574); ?> (broken shared build).</li>
</ul>
<li>Hash:
<ul>
<li>Implemented RFC: <a href="https://wiki.php.net/rfc/permanent_hash_ext">The hash extension is now an integral part of PHP and cannot be disabled</a>.</li>
<li>Implemented FR <?php bugl(71890); ?> (crc32c checksum algorithm).</li>
</ul>
<li>Iconv:
<ul>
<li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li>
<li><?php bugfix(78642); ?> (Wrong libiconv version displayed).</li>
</ul>
<li>Libxml:
<ul>
<li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li>
</ul>
<li>InterBase:
<ul>
<li>Unbundled the InterBase extension and moved it to PECL.</li>
</ul>
<li>Intl:
<ul>
<li>Raised requirements to ICU ≥ 50.1.</li>
<li>Changed ResourceBundle to implement Countable.</li>
<li>Changed default of $variant parameter of idn_to_ascii() and idn_to_utf8().</li>
</ul>
<li>LDAP:
<ul>
<li>Deprecated ldap_control_paged_result_response and ldap_control_paged_result</li>
</ul>
<li>LiteSpeed:
<ul>
<li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li>
<li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li>
<li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li>
</ul>
<li>MBString:
<ul>
<li><?php bugfix(77907); ?> (mb-functions do not respect default_encoding).</li>
<li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li>
<li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li>
</ul>
<li>MySQLi:
<ul>
<li><?php bugfix(67348); ?> (Reading $dbc->stat modifies $dbc->affected_rows).</li>
<li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li>
<li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li>
<li><?php bugfix(78213); ?> (Empty row pocket).</li>
</ul>
<li>MySQLnd:
<ul>
<li>Fixed connect_attr issues and added the _server_host connection attribute.</li>
<li><?php bugfix(60594); ?> (mysqlnd exposes 160 lines of stats in phpinfo).</li>
</ul>
<li>ODBC:
<ul>
<li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li>
</ul>
<li>Opcache:
<ul>
<li>Implemented <a href="https://wiki.php.net/rfc/preload">preloading RFC</a>.</li>
<li>Add opcache.preload_user INI directive.</li>
<li>Added new INI directive opcache.cache_id (Windows only).</li>
<li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li>
<li><?php bugfix(78175); ?> (Preloading segfaults at preload time and at runtime).</li>
<li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li>
<li><?php bugfix(78271); ?> (Invalid result of if-else).</li>
<li><?php bugfix(78341); ?> (Failure to detect smart branch in DFA pass).</li>
<li><?php bugfix(78376); ?> (Incorrect preloading of constant static properties).</li>
<li><?php bugfix(78429); ?> (opcache_compile_file(__FILE__); segfaults).</li>
<li><?php bugfix(78512); ?> (Cannot make preload work).</li>
<li><?php bugfix(78514); ?> (Preloading segfaults with inherited typed property).</li>
<li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li>
</ul>
<li>OpenSSL:
<ul>
<li>Added TLS 1.3 support to streams including new tlsv1.3 stream.</li>
<li>Added openssl_x509_verify function.</li>
<li>openssl_random_pseudo_bytes() now throws in error conditions.</li>
<li>Changed the default config path (Windows only).</li>
<li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li>
<li><?php bugfix(78391); ?> (Assertion failure in openssl_random_pseudo_bytes).</li>
<li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li>
</ul>
<li>Pcntl:
<ul>
<li><?php bugfix(77335); ?> (PHP is preventing SIGALRM from specifying SA_RESTART).</li>
</ul>
<li>PCRE:
<ul>
<li>Implemented FR <?php bugl(77094); ?> (Support flags in preg_replace_callback).</li>
<li><?php bugfix(72685); ?> (Repeated UTF-8 validation of same string in UTF-8 mode).</li>
<li><?php bugfix(73948); ?> (Preg_match_all should return NULLs on trailing optional capture groups).</li>
<li><?php bugfix(78338); ?> (Array cross-border reading in PCRE).</li>
<li><?php bugfix(78349); ?> (Bundled pcre2 library missing LICENCE file).</li>
</ul>
<li>PDO:
<ul>
<li>Implemented FR <?php bugl(71885); ?> (Allow escaping question mark placeholders). https://wiki.php.net/rfc/pdo_escape_placeholders</li>
<li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li>
<li>Implemented FR <?php bugl(78033); ?> (PDO - support username and password specified in DSN).</li>
</ul>
<li>PDO_Firebird:
<ul>
<li>Implemented FR <?php bugl(65690); ?> (PDO_Firebird should also support dialect 1).</li>
<li>Implemented FR <?php bugl(77863); ?> (PDO firebird support type Boolean in input parameters).</li>
</ul>
<li>PDO_MySQL:
<ul>
<li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li>
<li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li>
</ul>
<li>PDO_OCI:
<ul>
<li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li>
<li>Implemented FR <?php bugl(76908); ?> (PDO_OCI getColumnMeta() not implemented).</li>
</ul>
<li>PDO_SQLite:
<ul>
<li>Implemented sqlite_stmt_readonly in PDO_SQLite.</li>
<li>Raised requirements to SQLite 3.5.0.</li>
<li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li>
<li><?php bugfix(78348); ?> (Remove -lrt from pdo_sqlite.so).</li>
</ul>
<li>Phar:
<ul>
<li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li>
</ul>
<li>phpdbg:
<ul>
<li><?php bugfix(76596); ?> (phpdbg support for display_errors=stderr).</li>
<li><?php bugfix(76801); ?> (too many open files).</li>
<li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li>
<li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li>
</ul>
<li>Recode:
<ul>
<li>Unbundled the recode extension.</li>
</ul>
<li>Reflection:
<ul>
<li><?php bugfix(76737); ?> (Unserialized reflection objects are broken, they shouldn't be serializable).</li>
<li><?php bugfix(78263); ?> (\ReflectionReference::fromArrayElement() returns null while item is a reference).</li>
<li><?php bugfix(78410); ?> (Cannot "manually" unserialize class that is final and extends an internal one).</li>
<li><?php bugfix(78697); ?> (ReflectionClass::implementsInterface - inaccurate error message with traits).</li>
<li><?php bugfix(78774); ?> (ReflectionNamedType on Typed Properties Crash).</li>
</ul>
<li>Session:
<ul>
<li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li>
</ul>
<li>SimpleXML:
<ul>
<li>Implemented FR <?php bugl(65215); ?> (SimpleXMLElement could register as implementing Countable).</li>
<li><?php bugfix(75245); ?> (Don't set content of elements with only whitespaces).</li>
</ul>
<li>Sockets:
<ul>
<li><?php bugfix(67619); ?> (Validate length on socket_write).</li>
<li><?php bugfix(78665); ?> (Multicasting may leak memory).</li>
</ul>
<li>sodium:
<ul>
<li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li>
<li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li>
<li><?php bugfix(78516); ?> (password_hash(): Memory cost is not in allowed range).</li>
</ul>
<li>SPL:
<ul>
<li><?php bugfix(77518); ?> (SeekableIterator::seek() should accept 'int' typehint as documented).</li>
<li><?php bugfix(78409); ?> (Segfault when creating instance of ArrayIterator without constructor).</li>
<li><?php bugfix(78436); ?> (Missing addref in SplPriorityQueue EXTR_BOTH mode).</li>
<li><?php bugfix(78456); ?> (Segfault when serializing SplDoublyLinkedList).</li>
</ul>
<li>SQLite3:
<ul>
<li>Unbundled libsqlite.</li>
<li>Raised requirements to SQLite 3.7.4.</li>
<li>Forbid (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result.</li>
<li>Added support for the SQLite @name notation.</li>
<li>Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement.</li>
<li>Implement FR ##70950 (Make SQLite3 Online Backup API available).</li>
</ul>
<li>Standard:
<ul>
<li>Implemented RFC <a href="https://wiki.php.net/rfc/password_registry">password hashing registry</a>.</li>
<li>Implemented RFC where password_hash() has <a href="https://wiki.php.net/rfc/sodium.argon.hash">argon2i(d) implementations</a> from ext/sodium when PHP is built without libargon.</li>
<li>Implemented FR <?php bugl(38301); ?> (field enclosure behavior in fputcsv).</li>
<li>Implemented FR <?php bugl(51496); ?> (fgetcsv should take empty string as an escape).</li>
<li><?php bugfix(73535); ?> (php_sockop_write() returns 0 on error, can be used to trigger Denial of Service).</li>
<li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li>
<li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li>
<li>Implemented FR <?php bugl(77377); ?> (No way to handle CTRL+C in Windows).</li>
<li><?php bugfix(77930); ?> (stream_copy_to_stream should use mmap more often).</li>
<li>Implemented FR <?php bugl(78177); ?> (Make proc_open accept command array).</li>
<li><?php bugfix(78208); ?> (password_needs_rehash() with an unknown algo should always return true).</li>
<li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li>
<li><?php bugfix(78282); ?> (atime and mtime mismatch).</li>
<li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li>
<li><?php bugfix(78346); ?> (strip_tags no longer handling nested php tags).</li>
<li><?php bugfix(78506); ?> (Error in a php_user_filter::filter() is not reported).</li>
<li><?php bugfix(78549); ?> (Stack overflow due to nested serialized input).</li>
<li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li>
</ul>
<li>Testing:
<ul>
<li><?php bugfix(78684); ?> (PCRE bug72463_2 test is sending emails on Linux).</li>
</ul>
<li>Tidy:
<ul>
<li>Added TIDY_TAG_* constants for HTML5 elements.</li>
<li><?php bugfix(76736); ?> (wrong reflection for tidy_get_head, tidy_get_html, tidy_get_root, and tidy_getopt)</li>
</ul>
<li>WDDX:
<ul>
<li>Deprecated and unbundled the WDDX extension.</li>
</ul>
<li>Zip:
<ul>
<li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li>
</ul>
</ul>
<!-- }}} --></section>
<a name="PHP_7_3"></a>
<section class="version" id="7.3.13"><!-- {{{ 7.3.13 -->
<h3>Version 7.3.13</h3>
<b><?php release_date('18-Dec-2019'); ?></b>
<ul><li>Bcmath:
<ul>
<li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)</li>
</ul></li>
<li>Core:
<ul>
<li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044)</li>
<li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)</li>
<li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049)</li>
<li><?php bugfix(78787); ?> (Segfault with trait overriding inherited private shadow property).</li>
<li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li>
<li><?php bugfix(78296); ?> (is_file fails to detect file).</li>
</ul></li>
<li>EXIF:
<ul>
<li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)</li>
<li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif) (CVE-2019-11047).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li>
</ul></li>
<li>MBString:
<ul>
<li>Upgraded bundled Oniguruma to 6.9.4.</li>
</ul></li>
<li>OPcache:
<ul>
<li>Fixed potential ASLR related invalid opline handler issues.</li>
<li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(78853); ?> (preg_match() may return integer > 1).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li>
<li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li>
<li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li>
<li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li>
<li><?php bugfix(78814); ?> (strip_tags allows / in tag name => whitelist bypass).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.12"><!-- {{{ 7.3.12 -->
<h3>Version 7.3.12</h3>
<b><?php release_date('21-Nov-2019'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(78658); ?> (Memory corruption using Closure::bindTo).</li>
<li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li>
<li><?php bugfix(78752); ?> (Segfault if GC triggered while generator stack frame is being destroyed).</li>
<li><?php bugfix(78689); ?> (Closure::fromCallable() doesn't handle [Closure, '__invoke']).</li>
</ul></li>
<li>COM:
<ul>
<li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li>
</ul></li>
<li>Date:
<ul>
<li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li>
<li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li>
</ul></li>
<li>Iconv:
<ul>
<li><?php bugfix(78642); ?> (Wrong libiconv version displayed).</li>
</ul></li>
<li>OpCache:
<ul>
<li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li>
<li><?php bugfix(78747); ?> (OpCache corrupts custom extension result).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li>
</ul></li>
<li>Reflection:
<ul>
<li><?php bugfix(78697); ?> (ReflectionClass::ImplementsInterface - inaccurate error message with traits).</li>
</ul></li>
<li>Sockets:
<ul>
<li><?php bugfix(78665); ?> (Multicasting may leak memory).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.11"><!-- {{{ 7.3.11 -->
<h3>Version 7.3.11</h3>
<b><?php release_date('24-Oct-2019'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li>
<li><?php bugfix(78620); ?> (Out of memory error).</li>
</ul></li>
<li>Exif:
<ul>
<li><?php bugfix(78442); ?> ('Illegal component' on exif_read_data since PHP7) (Kalle)</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li>
<li><?php bugfix(78413); ?> (request_terminate_timeout does not take effect after fastcgi_finish_request).</li>
</ul></li>
<li>MBString:
<ul>
<li><?php bugfix(78633); ?> (Heap buffer overflow (read) in mb_eregi).</li>
<li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li>
<li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li>
</ul></li>
<li>Mysqlnd:
<ul>
<li><?php bugfix(78525); ?> (Memory leak in pdo when reusing native prepared statements).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(78272); ?> (calling preg_match() before pcntl_fork() will freeze child process).</li>
</ul></li>
<li>PDO_MySQL:
<ul>
<li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li>
</ul></li>
<li>Session:
<ul>
<li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(76342); ?> (file_get_contents waits twice specified timeout).</li>
<li><?php bugfix(78612); ?> (strtr leaks memory when integer keys are used and the subject string shorter).</li>
<li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.10"><!-- {{{ 7.3.10 -->
<h3>Version 7.3.10</h3>
<b><?php release_date('26-Sep-2019'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li>
<li><?php bugfix(77922); ?> (Double release of doc comment on inherited shadow property).</li>
<li><?php bugfix(78441); ?> (Parse error due to heredoc identifier followed by digit).</li>
<li><?php bugfix(77812); ?> (Interactive mode does not support PHP 7.3-style heredoc).</li>
</ul></li>
<li>FastCGI:
<ul>
<li><?php bugfix(78469); ?> (FastCGI on_accept hook is not called when using named pipes on Windows).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(78334); ?> (fpm log prefix message includes wrong stdout/stderr notation).</li>
</ul></li>
<li>Intl:
<ul>
<li>Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested.</li>
</ul></li>
<li>MBString:
<ul>
<li><?php bugfix(78559); ?> (Heap buffer overflow in mb_eregi).</li>
</ul></li>
<li>MySQLnd:
<ul>
<li>Fixed connect_attr issues and added the _server_host connection attribute.</li>
</ul></li>
<li>ODBC:
<ul>
<li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li>
</ul></li>
<li>PDO_MySQL:
<ul>
<li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li>
</ul></li>
<li>sodium:
<ul>
<li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.9"><!-- {{{ 7.3.9 -->
<h3>Version 7.3.9</h3>
<b><?php release_date('29-Aug-2019'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(78363); ?> (Buffer overflow in zendparse).</li>
<li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li>
<li><?php bugfix(78412); ?> (Generator incorrectly reports non-releasable $this as GC child).</li>
</ul></li>
<li>Curl:
<ul>
<li><?php bugfix(77946); ?> (Bad cURL resources returned by curl_multi_info_read()).</li>
</ul></li>
<li>Exif:
<ul>
<li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(77185); ?> (Use-after-free in FPM master event handling).</li>
</ul></li>
<li>Iconv:
<ul>
<li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li>
</ul></li>
<li>LiteSpeed:
<ul>
<li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li>
</ul></li>
<li>MBString:
<ul>
<li><?php bugfix(78380); ?> (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224)</li>
</ul></li>
<li>MySQLnd:
<ul>
<li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li>
<li><?php bugfix(78213); ?> (Empty row pocket).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(77191); ?> (Assertion failure in dce_live_ranges() when silencing is used).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(69100); ?> (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).</li>
<li><?php bugfix(78282); ?> (atime and mtime mismatch).</li>
<li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li>
<li><?php bugfix(78346); ?> (strip_tags no longer handling nested php tags).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.8"><!-- {{{ 7.3.8 -->
<h3>Version 7.3.8</h3>
<b><?php release_date('01-Aug-2019'); ?></b>
<ul><li>Core:
<ul>
<li>Added syslog.filter=raw option.</li>
<li><?php bugfix(78212); ?> (Segfault in built-in webserver).</li>
</ul></li>
<li>Date:
<ul>
<li><?php bugfix(69044); ?> (discrepency between time and microtime).</li>
<li>Updated timelib to 2018.02.</li>
</ul></li>
<li>EXIF:
<ul>
<li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li>
<li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li>
</ul></li>
<li>FTP:
<ul>
<li><?php bugfix(78039); ?> (FTP with SSL memory leak).</li>
</ul></li>
<li>Libxml:
<ul>
<li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li>
</ul></li>
<li>LiteSpeed:
<ul>
<li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li>
<li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li>
</ul></li>
<li>Openssl:
<ul>
<li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(78341); ?> (Failure to detect smart branch in DFA pass).</li>
<li><?php bugfix(78189); ?> (file cache strips last character of uname hash).</li>
<li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li>
<li><?php bugfix(78271); ?> (Invalid result of if-else).</li>
<li><?php bugfix(78291); ?> (opcache_get_configuration doesn't list all directives).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(78338); ?> (Array cross-border reading in PCRE).</li>
<li><?php bugfix(78197); ?> (PCRE2 version check in configure fails for "##.##-xxx" version strings).</li>
</ul></li>
<li>PDO_Sqlite:
<ul>
<li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li>
</ul></li>
<li>Phpdbg:
<ul>
<li><?php bugfix(78297); ?> (Include unexistent file memory leak).</li>
</ul></li>
<li>SQLite:
<ul>
<li>Upgraded to SQLite 3.28.0.</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li>
<li><?php bugfix(78269); ?> (password_hash uses weak options for argon2).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.7"><!-- {{{ 7.3.7 -->
<h3>Version 7.3.7</h3>
<b><?php release_date('04-Jul-2019'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(76980); ?> (Interface gets skipped if autoloader throws an exception).</li>
</ul></li>
<li>DOM:
<ul>
<li><?php bugfix(78025); ?> (segfault when accessing properties of DOMDocumentType).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(77956); ?> (When mysqli.allow_local_infile = Off, use a meaningful error message).</li>
<li><?php bugfix(38546); ?> (bindParam incorrect processing of bool types).</li>
</ul></li>
<li>MySQLnd:
<ul>
<li><?php bugfix(77955); ?> (Random segmentation fault in mysqlnd from php-fpm).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(78015); ?> (Incorrect evaluation of expressions involving partials arrays in SCCP).</li>
<li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(78079); ?> (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).</li>
</ul></li>
<li>phpdbg:
<ul>
<li><?php bugfix(78050); ?> (SegFault phpdbg + opcache on include file twice).</li>
</ul></li>
<li>Sockets:
<ul>
<li><?php bugfix(78038); ?> (Socket_select fails when resource array contains references).</li>
</ul></li>
<li>Sodium:
<ul>
<li><?php bugfix(78114); ?> (segfault when calling sodium_* functions from eval).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(77135); ?> (Extract with EXTR_SKIP should skip $this).</li>
<li><?php bugfix(77937); ?> (preg_match failed).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(76345); ?> (zip.h not found).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.6"><!-- {{{ 7.3.6 -->
<h3>Version 7.3.6</h3>
<b><?php release_date('30-May-2019'); ?></b>
<ul><li>cURL:
<ul>
<li>Implemented FR <?php bugl(72189); ?> (Add missing CURL_VERSION_* constants).</li>
</ul></li>
<li>Date:
<ul>
<li><?php bugfix(77909); ?> (DatePeriod::__construct() with invalid recurrence count value).</li>
</ul></li>
<li>EXIF:
<ul>
<li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(77934); ?> (php-fpm kill -USR2 not working).</li>
<li><?php bugfix(77921); ?> (static.php.net doesn't work anymore).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(77943); ?> (imageantialias($image, false); does not work).</li>
<li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li>
</ul></li>
<li>Iconv:
<ul>
<li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li>
</ul></li>
<li>JSON:
<ul>
<li><?php bugfix(77843); ?> (Use after free with json serializer).</li>
</ul></li>
<li>Opcache:
<ul>
<li>Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.</li>
</ul></li>
<li>PDO_MySQL:
<ul>
<li><?php bugfix(77944); ?> (Wrong meta pdo_type for bigint on LLP64).</li>
</ul></li>
<li>Reflection:
<ul>
<li><?php bugfix(75186); ?> (Inconsistent reflection of Closure:::__invoke()).</li>
</ul></li>
<li>Session:
<ul>
<li><?php bugfix(77911); ?> (Wrong warning for session.sid_bits_per_character).</li>
</ul></li>
<li>SOAP:
<ul>
<li><?php bugfix(77945); ?> (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).</li>
</ul></li>
<li>SPL:
<ul>
<li><?php bugfix(77024); ?> (SplFileObject::__toString() may return array).</li>
</ul></li>
<li>SQLite:
<ul>
<li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(77931); ?> (Warning for array_map mentions wrong type).</li>
<li><?php bugfix(78003); ?> (strip_tags output change since PHP 7.3).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.3.5"><!-- {{{ 7.3.5 -->
<h3>Version 7.3.5</h3>
<b><?php release_date('02-May-2019'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(77903); ?> (ArrayIterator stops iterating after offsetSet call).</li>
</ul></li>
<li>CLI:
<ul>
<li><?php bugfix(77794); ?> (Incorrect Date header format in built-in server).</li>
</ul></li>
<li>EXIF:
<ul>
<li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li>
</ul></li>
<li>Interbase:
<ul>
<li><?php bugfix(72175); ?> (Impossibility of creating multiple connections to Interbase with php 7.x).</li>
</ul></li>
<li>Intl:
<ul>
<li><?php bugfix(77895); ?> (IntlDateFormatter::create fails in strict mode if $locale = null).</li>
</ul></li>
<li>litespeed:
<ul>
<li>LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().</li>
</ul></li>
<li>LDAP:
<ul>
<li><?php bugfix(77869); ?> (Core dump when using server controls) (mcmic)</li>
</ul></li>
<li>Mail:
<ul>
<li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li>
</ul></li>
<li>mbstring:
<ul>
<li>Implemented FR <?php bugl(72777); ?> (Implement regex stack limits for mbregex functions).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(77773); ?> (Unbuffered queries leak memory - MySQLi / mysqlnd).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(77827); ?> (preg_match does not ignore \r in regex flags).</li>
</ul></li>
<li>PDO:
<ul>
<li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li>
</ul></li>
<li>phpdbg:
<ul>
<li><?php bugfix(76801); ?> (too many open files).</li>
<li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li>
<li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li>
</ul></li>
<li>Reflection:
<ul>
<li><?php bugfix(77772); ?> (ReflectionClass::getMethods(null) doesn't work).</li>
<li><?php bugfix(77882); ?> (Different behavior: always calls destructor).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(77793); ?> (Segmentation fault in extract() when overwriting reference with itself).</li>
<li><?php bugfix(77844); ?> (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).</li>
<li><?php bugfix(77853); ?> (Inconsistent substr_compare behaviour with empty haystack).</li>