1PHP                                                                        NEWS
2|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3?? ??? ????, PHP 7.3.26
4
5
626 Nov 2020, PHP 7.3.25
7
8- Core:
9  . Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
10    (cmb)
11  . Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
12    (cmb)
13
14- COM:
15  . Fixed bug #62474 (com_event_sink crashes on certain arguments). (cmb)
16
17- DOM:
18  . Fixed bug #80268 (loadHTML() truncates at NUL bytes). (cmb)
19
20- IMAP:
21  . Fixed bug #64076 (imap_sort() does not return FALSE on failure). (cmb)
22  . Fixed bug #76618 (segfault on imap_reopen). (girgias)
23  . Fixed bug #80239 (imap_rfc822_write_address() leaks memory). (cmb)
24  . Fixed minor regression caused by fixing bug #80220. (cmb)
25  . Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
26    (cmb)
27
28- Intl:
29  . Fixed bug #80310 (ext-intl with icu4c 68.1: use of undeclared identifier
30    'TRUE'). (Alexander M. Turek)
31
32- ODBC:
33  . Fixed bug #44618 (Fetching may rely on uninitialized data). (cmb)
34
35- SNMP:
36  . Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
37    (Alexander Bergmann, cmb)
38
39- Standard:
40  . Fixed bug #80266 (parse_url silently drops port number 0). (cmb, Nikita)
41
4229 Oct 2020, PHP 7.3.24
43
44- Core:
45  . Fixed bug #79423 (copy command is limited to size of file it can copy).
46    (cmb)
47
48- Calendar:
49  . Fixed bug #80185 (jdtounix() fails after 2037). (cmb)
50
51- IMAP:
52  . Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies). (cmb)
53  . Fixed bug #80215 (imap_mail_compose() may modify by-val parameters). (cmb)
54  . Fixed bug #80220 (imap_mail_compose() may leak memory). (cmb)
55  . Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
56    (cmb)
57  . Fixed bug #80216 (imap_mail_compose() does not validate types/encodings).
58    (cmb)
59  . Fixed bug #80226 (imap_sort() leaks sortpgm memory). (cmb)
60
61- MySQLnd:
62  . Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with
63    slashes). (cmb)
64  . Fixed bug #80107 (mysqli_query() fails for ~16 MB long query when
65    compression is enabled). (Nikita)
66
67- ODBC:
68  . Fixed bug #78470 (odbc_specialcolumns() no longer accepts $nullable). (cmb)
69  . Fixed bug #80147 (BINARY strings may not be properly zero-terminated).
70    (cmb)
71  . Fixed bug #80150 (Failure to fetch error message). (cmb)
72  . Fixed bug #80152 (odbc_execute() moves internal pointer of $params). (cmb)
73  . Fixed bug #46050 (odbc_next_result corrupts prepared resource). (cmb)
74
75- OPcache:
76  . Fixed bug #80083 (Optimizer pass 6 removes variables used for ibm_db2 data
77    binding). (Nikita)
78
79- PDO_ODBC:
80  . Fixed bug #67465 (NULL Pointer dereference in odbc_handle_preparer). (cmb)
81
82- Standard:
83  . Fixed bug #80114 (parse_url does not accept URLs with port 0). (cmb, twosee)
84  . Fixed bug #76943 (Inconsistent stream_wrapper_restore() errors). (cmb)
85  . Fixed bug #76735 (Incorrect message in fopen on invalid mode). (cmb)
86
87- Tidy:
88  . Fixed bug #77040 (tidyNode::isHtml() is completely broken). (cmb)
89
9001 Oct 2020, PHP 7.3.23
91
92- Core:
93  . Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
94  . Fixed bug #80049 (Memleak when coercing integers to string via variadic
95    argument). (Nikita)
96  . Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` 
97    cookies can be sent). (CVE-2020-7070) (Stas)
98
99- Calendar:
100  . Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
101    (Andy Postnikov)
102
103- COM:
104  . Fixed bug #64130 (COM obj parameters passed by reference are not updated).
105    (cmb)
106
107- OPcache:
108  . Fixed bug #80002 (calc free space for new interned string is wrong).
109    (t-matsuno)
110  . Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
111    handlers changed). (SammyK)
112
113- OpenSSL:
114  . Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 
115    bytes IV). (CVE-2020-7069) (Jakub Zelenka)
116
117- PDO:
118  . Fixed bug #80027 (Terrible performance using $query->fetch on queries with
119    many bind parameters). (Matteo)
120
121- SOAP:
122  . Fixed bug #47021 (SoapClient stumbles over WSDL delivered with
123    "Transfer-Encoding: chunked"). (Matteo)
124
125- Standard:
126  . Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb)
127  . Fixed bug #80077 (getmxrr test bug). (Rainer Jung)
128  . Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
129    (cmb)
130  . Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb)
131
13203 Sep 2020, PHP 7.3.22
133
134- Core:
135  . Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless). (cmb)
136  . Fixed bug #77932 (File extensions are case-sensitive). (cmb)
137  . Fixed bug #79806 (realpath() erroneously resolves link to link). (cmb)
138  . Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
139    (Santiago M. Mola)
140  . Fixed bug #79919 (Stack use-after-scope in define()). (cmb)
141  . Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
142    (Pieter van den Ham)
143
144- COM:
145  . Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
146    (cmb)
147
148- Exif:
149  . Fixed bug #75785 (Many errors from exif_read_data).
150    (N��ckolas Daniel da Silva)
151
152- Gettext:
153  . Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for
154    gettext()). (Florian Engelhardt)
155
156- LDAP:
157  . Fixed memory leaks. (ptomulik)
158
159- OPcache:
160  . Fixed bug #73060 (php failed with error after temp folder cleaned up).
161    (cmb)
162
163- PDO:
164  . Fixed bug #64705 (errorInfo property of PDOException is null when
165    PDO::__construct() fails). (Ahmed Abdou)
166
167- Standard:
168  . Fixed bug #79930 (array_merge_recursive() crashes when called with array
169    with single reference). (Nikita)
170  . Fixed bug #79944 (getmxrr always returns true on Alpine linux). (Nikita)
171  . Fixed bug #79951 (Memory leak in str_replace of empty string). (Nikita)
172
173- XML:
174  . Fixed bug #79922 (Crash after multiple calls to xml_parser_free()). (cmb)
175
17606 Aug 2020, PHP 7.3.21
177
178- Apache:
179  . Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time
180    to return usec). (Herbert256)
181
182- Core:
183  . Fixed bug #79877 (getimagesize function silently truncates after a null 
184    byte) (cmb)
185  . Fixed bug #79778 (Assertion failure if dumping closure with unresolved
186    static variable). (Nikita)
187  . Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
188    (Nikita)
189
190- COM:
191  . Fixed bug #63208 (BSTR to PHP string conversion not binary safe). (cmb)
192  . Fixed bug #63527 (DCOM does not work with Username, Password parameter).
193    (cmb)
194
195- Curl:
196  . Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with
197    declared properties). (Nikita)
198
199- Fileinfo:
200  . Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb)
201
202- FTP:
203  . Fixed bug #55857 (ftp_size on large files). (cmb)
204
205- Mbstring:
206  . Fixed bug #79787 (mb_strimwidth does not trim string). (XXiang)
207
208- Phar:
209  . Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile
210    function). (CVE-2020-7068) (cmb)
211
212- Standard:
213  . Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
214  . Fixed bug #79817 (str_replace() does not handle INDIRECT elements). (Nikita)
215  . Fixed bug #78008 (dns_check_record() always return true on Alpine).
216    (Andy Postnikov)
217
21809 Jul 2020, PHP 7.3.20
219
220- Core:
221  . Fixed bug #79650 (php-win.exe 100% cpu lockup). (cmb)
222  . Fixed bug #79668 (get_defined_functions(true) may miss functions). (cmb,
223    Nikita)
224  . Fixed possibly unsupported timercmp() usage. (cmb)
225
226- Exif:
227  . Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes). 
228    (cmb)
229
230- Filter:
231  . Fixed bug #73527 (Invalid memory access in php_filter_strip). (cmb)
232
233- GD:
234  . Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC). (cmb)
235
236- OpenSSL:
237  . Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout).
238    (cmb)
239
240- PDO SQLite:
241  . Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set).
242    (cmb)
243
244- SPL:
245  . Fixed bug #79710 (Reproducible segfault in error_handler during GC
246    involved an SplFileObject). (Nikita)
247
248- Standard:
249  . Fixed bug #74267 (segfault with streams and invalid data). (cmb)
250  . Fixed bug #79579 (ZTS build of PHP 7.3.17 doesn't handle ERANGE for
251    posix_getgrgid and others). (B��sz��rm��nyi Zolt��n)
252
25311 Jun 2020, PHP 7.3.19
254
255- Core:
256  . Fixed bug #79566 (Private SHM is not private on Windows). (cmb)
257  . Fixed bug #79489 (.user.ini does not inherit). (cmb)
258
259- GD:
260  . Fixed bug #79615 (Wrong GIF header written in GD GIFEncode). (sageptr, cmb)
261
262- MySQLnd:
263  . Fixed bug #79596 (MySQL FLOAT truncates to int some locales). (cmb)
264
265- Opcache:
266  . Fixed bug #79535 (PHP crashes with specific opcache.optimization_level).
267    (Nikita)
268  . Fixed bug #79588 (Boolean opcache settings ignore on/off values). (cmb)
269
270- Standard:
271  . Fixed bug #79561 (dns_get_record() fails with DNS_ALL). (cmb)
272
27314 May 2020, PHP 7.3.18
274
275- Core:
276  . Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). 
277    (CVE-2019-11048) (cmb)
278  . Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp 
279    files are not cleaned). (CVE-2019-11048) (cmb)
280  . Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference
281    on !CS constant). (Nikita)
282  . Fixed bug #79477 (casting object into array creates references). (Nikita)
283  . Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
284    (cmb)
285  . Fixed bug #78784 (Unable to interact with files inside a VFS for Git
286    repository). (cmb)
287
288- DOM:
289  . Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
290    (cmb)
291
292- FCGI:
293  . Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb)
294
295- MBString:
296  . Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
297    (Girgias)
298
299- OpenSSL:
300  . Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes
301    with <1s timeout). (Joe Cai)
302
303- Phar:
304  . Fix bug #79503 (Memory leak on duplicate metadata). (cmb)
305
306- SimpleXML:
307  . Fixed bug #79528 (Different object of the same xml between 7.4.5 and
308    7.4.4). (cmb)
309
310- Standard:
311  . Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter
312    appended). (dinosaur)
313
31416 Apr 2020, PHP 7.3.17
315
316- Core:
317  . Fixed bug #79364 (When copy empty array, next key is unspecified). (cmb)
318  . Fixed bug #78210 (Invalid pointer address). (cmb, Nikita)
319
320- CURL:
321  . Fixed bug #79199 (curl_copy_handle() memory leak). (cmb)
322
323- Date:
324  . Fixed bug #79396 (DateTime hour incorrect during DST jump forward). (Nate
325    Brunette)
326
327- Iconv:
328  . Fixed bug #79200 (Some iconv functions cut Windows-1258). (cmb)
329
330- OPcache:
331  . Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
332    (Dmitry)
333
334- Session:
335  . Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)
336
337- Shmop:
338  . Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)
339
340- SimpleXML:
341  . Fixed bug #61597 (SXE properties may lack attributes and content). (cmb)
342
343- Spl:
344  . Fixed bug #75673 (SplStack::unserialize() behavior). (cmb)
345  . Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
346    (cmb)
347
348- Standard:
349  . Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
350  . Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067) (stas)
351  . Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes
352    without newline). (Christian Schneider)
353
354- Zip:
355  . Fixed Bug #79296 (ZipArchive::open fails on empty file). (Remi)
356  . Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
357    (Max Rees)
358
35919 Mar 2020, PHP 7.3.16
360
361- Core:
362  . Fixed bug #63206 (restore_error_handler does not restore previous errors
363    mask). (Mark Plomer)
364
365- COM:
366  . Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
367    (cmb)
368  . Fixed bug #79242 (COM error constants don't match com_exception codes on
369    x86). (cmb)
370  . Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception). (cmb)
371  . Fixed bug #79299 (com_print_typeinfo prints duplicate variables). (Litiano
372    Moura)
373  . Fixed bug #79332 (php_istreams are never freed). (cmb)
374  . Fixed bug #79333 (com_print_typeinfo() leaks memory). (cmb)
375
376- DOM:
377  . Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita,
378    cmb)
379  . Fixed bug #79271 (DOMDocumentType::$childNodes is NULL). (cmb)
380
381- Enchant:
382  . Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
383    (cmb)
384
385- EXIF:
386  . Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
387    (Nikita)
388
389- MBstring:
390  . Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at 
391    php_unicode_tolower_full). (CVE-2020-7065) (cmb)
392
393- MySQLi:
394  . Fixed bug #64032 (mysqli reports different client_version). (cmb)
395
396- PCRE:
397  . Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback
398    and unicode). (Nikita)
399
400- PDO_ODBC:
401  . Fixed bug #79038 (PDOStatement::nextRowset() leaks column values). (cmb)
402
403- Reflection:
404  . Fixed bug #79062 (Property with heredoc default value returns false for
405    getDocComment). (Nikita)
406
407- SQLite3:
408  . Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)
409
410- Standard:
411  . Fixed bug #79329 (get_headers() silently truncates after a null byte). 
412    (CVE-2020-7066) (cmb)
413  . Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
414  . Fixed bug #79265 (Improper injection of Host header when using fopen for
415    http requests). (Miguel Xavier Penha Neto)
416
41720 Feb 2020, PHP 7.3.15
418
419- Core:
420  . Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not
421    supported). (Nikita)
422  . Fixed bug #79146 (cscript can fail to run on some systems). (clarodeus)
423  . Fixed bug #78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)
424  . Fixed bug #76047 (Use-after-free when accessing already destructed
425    backtrace arguments). (Nikita)
426
427- CURL:
428  . Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
429    (cmb)
430
431- Intl:
432  . Fixed bug #79212 (NumberFormatter::format() may detect wrong type). (cmb)
433
434- Libxml:
435  . Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
436    (Nikita, cmb)
437
438- MBString:
439  . Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding). (cmb)
440
441- MySQLnd:
442  . Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
443    (cmb)
444
445- OpenSSL:
446  . Fixed bug #79145 (openssl memory leak). (cmb, Nikita)
447
448- Phar:
449  . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
450    all-access permissions). (CVE-2020-7063) (stas)
451  . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
452    (CVE-2020-7061) (cmb)
453  . Fixed bug #76584 (PharFileInfo::decompress not working). (cmb)
454
455- Reflection:
456  . Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
457    __destruct). (Nikita)
458
459- Session:
460  . Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
461    (CVE-2020-7062) (stas)
462
463- SPL:
464  . Fixed bug #79151 (heap use after free caused by
465    spl_dllist_it_helper_move_forward). (Nikita)
466
467- Standard:
468  . Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
469
470- Testing:
471  . Fixed bug #78090 (bug45161.phpt takes forever to finish). (cmb)
472
473- XSL:
474  . Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). (cmb)
475
47623 Jan 2020, PHP 7.3.14
477
478- Core
479  . Fixed bug #78999 (Cycle leak when using function result as temporary).
480    (Dmitry)
481
482- CURL:
483  . Fixed bug #79033 (Curl timeout error with specific url and post). (cmb)
484
485- Date:
486  . Fixed bug #79015 (undefined-behavior in php_date.c). (cmb)
487
488- DBA:
489  . Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
490    (cmb)
491
492- Fileinfo:
493  . Fixed bug #74170 (locale information change after mime_content_type).
494    (Sergei Turchanov)
495
496- GD:
497  . Fixed bug #78923 (Artifacts when convoluting image with transparency).
498    (wilson chen)
499  . Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values). (cmb)
500  . Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
501    (cmb)
502
503- Libxml:
504  . Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter). (Laruence)
505
506- Mbstring:
507  . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). 
508    (CVE-2020-7060) (Nikita)
509
510- OPcache:
511  . Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR). (cmb)
512
513- Pcntl:
514  . Fixed bug #78402 (Converting null to string in error message is bad DX).
515    (SAT�� Kentar��)
516
517- PDO_PgSQL:
518  . Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h). (SAT��
519    Kentar��)
520  . Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection). (SAT��
521    Kentar��)
522  . Fixed bug #78982 (pdo_pgsql returns dead persistent connection). (SAT��
523    Kentar��)
524
525- Session:
526  . Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita)
527
528- Shmop:
529  . Fixed bug #78538 (shmop memory leak). (cmb)
530
531- Standard:
532  . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
533  . Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
534    (cmb)
535
53618 Dec 2019, PHP 7.3.13
537
538- Bcmath:
539  . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
540    (cmb)
541
542- Core:
543  . Fixed bug #78862 (link() silently truncates after a null byte on Windows).
544    (CVE-2019-11044). (cmb)
545  . Fixed bug #78863 (DirectoryIterator class silently truncates after a null
546    byte). (CVE-2019-11045). (cmb)
547  . Fixed bug #78943 (mail() may release string with refcount==1 twice).
548    (CVE-2019-11049). (cmb)
549  . Fixed bug #78787 (Segfault with trait overriding inherited private shadow
550    property). (Nikita)
551  . Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
552    (Antony Dovgal, Dmitry)
553  . Fixed bug #78296 (is_file fails to detect file). (cmb)
554
555- EXIF:
556  . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
557    (CVE-2019-11050). (Nikita)
558  . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
559    (Nikita)
560
561- GD:
562  . Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)
563
564- MBString:
565  . Upgraded bundled Oniguruma to 6.9.4. (cmb)
566
567- OPcache:
568  . Fixed potential ASLR related invalid opline handler issues. (cmb)
569  . Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
570    (Tyson Andre)
571
572- PCRE:
573  . Fixed bug #78853 (preg_match() may return integer > 1). (cmb)
574
575- Standard:
576  . Fixed bug #78759 (array_search in $GLOBALS). (Nikita)
577  . Fixed bug #77638 (var_export'ing certain class instances segfaults). (cmb)
578  . Fixed bug #78840 (imploding $GLOBALS crashes). (cmb)
579  . Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
580    (cmb)
581  . Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
582    (cmb)
583
58421 Nov 2019, PHP 7.3.12
585
586- Core:
587  . Fixed bug #78658 (Memory corruption using Closure::bindTo). (Nikita)
588  . Fixed bug #78656 (Parse errors classified as highest log-level). (Erik
589    Lundin)
590  . Fixed bug #78752 (Segfault if GC triggered while generator stack frame is
591    being destroyed). (Nikita)
592  . Fixed bug #78689 (Closure::fromCallable() doesn't handle
593    [Closure, '__invoke']). (Nikita)
594
595- COM:
596  . Fixed bug #78694 (Appending to a variant array causes segfault). (cmb)
597
598- Date:
599  . Fixed bug #70153 (\DateInterval incorrectly unserialized). (Maksim Iakunin)
600  . Fixed bug #78751 (Serialising DatePeriod converts DateTimeImmutable). (cmb)
601
602- Iconv:
603  . Fixed bug #78642 (Wrong libiconv version displayed). (gedas at martynas,
604    cmb).
605
606- OpCache:
607  . Fixed bug #78654 (Incorrectly computed opcache checksum on files with 
608    non-ascii characters). (mhagstrand)
609  . Fixed bug #78747 (OpCache corrupts custom extension result). (Nikita)
610
611- OpenSSL:
612  . Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted
613    connections). (Nikita)
614
615- Reflection:
616  . Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error 
617    message with traits). (villfa)
618
619- Sockets:
620  . Fixed bug #78665 (Multicasting may leak memory). (cmb)
621
62224 Oct 2019, PHP 7.3.11
623
624- Core:
625  . Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
626    (bugreportuser)
627  . Fixed bug #78620 (Out of memory error). (cmb, Nikita)
628
629- Exif :
630  . Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
631	(Kalle)
632
633- FPM:
634  . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
635    (CVE-2019-11043) (Jakub Zelenka)
636  . Fixed bug #78413 (request_terminate_timeout does not take effect after
637    fastcgi_finish_request). (Sergei Turchanov)
638
639- MBString:
640  . Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb)
641  . Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
642    (cmb)
643  . Fixed bug #78609 (mb_check_encoding() no longer supports stringable
644    objects). (cmb)
645
646- MySQLi:
647  . Fixed bug #76809 (SSL settings aren't respected when persistent connections 
648    are used). (fabiomsouto)
649
650- Mysqlnd:
651  . Fixed bug #78525 (Memory leak in pdo when reusing native prepared
652    statements). (Nikita)
653
654- PCRE:
655  . Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze
656    child process). (Nikita)
657
658- PDO_MySQL:
659  . Fixed bug #78623 (Regression caused by "SP call yields additional empty
660    result set"). (cmb)
661
662- Session:
663  . Fixed bug #78624 (session_gc return value for user defined session 
664    handlers). (bshaffer)
665
666- Standard:
667  . Fixed bug #76342 (file_get_contents waits twice specified timeout).
668    (Thomas Calvet)
669  . Fixed bug #78612 (strtr leaks memory when integer keys are used and the
670    subject string shorter). (Nikita)
671  . Fixed bug #76859 (stream_get_line skips data if used with data-generating 
672    filter). (kkopachev)
673
674- Zip:
675  . Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
676
67726 Sep 2019, PHP 7.3.10
678
679- Core:
680  . Fixed bug #78220 (Can't access OneDrive folder). (cmb, ab)
681  . Fixed bug #77922 (Double release of doc comment on inherited shadow
682    property). (Nikita)
683  . Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
684    (cmb)
685  . Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
686    (cmb, Nikita)
687
688- FastCGI:
689  . Fixed bug #78469 (FastCGI on_accept hook is not called when using named
690    pipes on Windows). (Sergei Turchanov)
691
692- FPM:
693  . Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr
694    notation). (Tsuyoshi Sadakata)
695
696- Intl:
697  . Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8()
698    when requested. (Sara)
699
700- MBString:
701  . Fixed bug #78559 (Heap buffer overflow in mb_eregi). (cmb)
702
703- MySQLnd:
704  . Fixed connect_attr issues and added the _server_host connection attribute.
705    (Qianqian Bu)
706
707- ODBC:
708  . Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb)
709
710- PDO_MySQL:
711  . Fixed bug #41997 (SP call yields additional empty result set). (cmb)
712
713- sodium:
714  . Fixed bug #78510 (Partially uninitialized buffer returned by
715    sodium_crypto_generichash_init()). (Frank Denis, cmb)
716
71729 Aug 2019, PHP 7.3.9
718
719- Core:
720  . Fixed bug #78363 (Buffer overflow in zendparse). (Nikita)
721  . Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry)
722  . Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC
723    child). (Nikita)
724
725- Curl:
726  . Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
727    (Abyr Valg)
728
729- Exif:
730  . Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and
731    invalid cast). (Nikita)
732
733- FPM:
734  . Fixed bug #77185 (Use-after-free in FPM master event handling).
735    (Maksim Nikulin)
736
737- Iconv:
738  . Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer
739    Jung)
740
741- LiteSpeed:
742  . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)
743
744- MBString:
745  . Fixed bug #78380 (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224) (Stas)
746
747- MySQLnd:
748  . Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb)
749  . Fixed bug #78213 (Empty row pocket). (cmb)
750
751- Opcache:
752  . Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is
753    used). (Nikita)
754
755- Standard:
756  . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream)
757    with invalid length). (Nikita)
758  . Fixed bug #78282 (atime and mtime mismatch). (cmb)
759  . Fixed bug #78326 (improper memory deallocation on stream_get_contents()
760    with fixed length buffer). (Albert Casademont)
761  . Fixed bug #78346 (strip_tags no longer handling nested php tags). (cmb)
762
76301 Aug 2019, PHP 7.3.8
764
765- Core:
766  . Added syslog.filter=raw option. (Erik Lundin)
767  . Fixed bug #78212 (Segfault in built-in webserver). (cmb)
768
769- Date:
770  . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
771  . Updated timelib to 2018.02. (Derick)
772
773- EXIF:
774  . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
775    (CVE-2019-11042) (Stas)
776  . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
777    (CVE-2019-11041) (Stas)
778
779- FTP:
780  . Fixed bug #78039 (FTP with SSL memory leak). (Nikita)
781
782- Libxml:
783  . Fixed bug #78279 (libxml_disable_entity_loader settings is shared between
784    requests (cgi-fcgi)). (Nikita)
785
786- LiteSpeed:
787  . Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from
788    100 to 1000, added crash handler to cleanly shutdown PHP request, added
789    CloudLinux mod_lsapi mode). (George Wang)
790  . Fixed bug #76058 (After "POST data can't be buffered", using php://input
791    makes huge tmp files). (George Wang)
792
793- Openssl:
794  . Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported
795    socket-to-stream). (Nikita)
796
797- Opcache:
798  . Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
799  . Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
800    (cmb)
801  . Fixed bug #78271 (Invalid result of if-else). (Nikita)
802  . Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
803    (Andrew Collington)
804  . Fixed bug #78341 (Failure to detect smart branch in DFA pass). (Nikita)
805
806- PCRE:
807  . Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx"
808    version strings). (pgnet, Peter Kokot)
809  . Fixed bug #78338 (Array cross-border reading in PCRE). (cmb)
810
811- PDO_Sqlite:
812  . Fixed bug #78192 (SegFault when reuse statement after schema has changed).
813    (Vincent Quatrevieux)
814
815- Phar:
816  . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)
817
818- Phpdbg:
819  . Fixed bug #78297 (Include unexistent file memory leak). (Nikita)
820
821- SQLite:
822  . Upgraded to SQLite 3.28.0. (cmb)
823
824- Standard:
825  . Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
826  . Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)
827
82804 Jul 2019, PHP 7.3.7
829
830- Core:
831  . Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
832    (Nikita)
833
834- DOM:
835  . Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
836    (cmb)
837
838- MySQLi:
839  . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful
840    error message). (Sjon Hortensius)
841  . Fixed bug #38546 (bindParam incorrect processing of bool types).
842    (camporter)
843
844- MySQLnd:
845  . Fixed bug #77955 (Random segmentation fault in mysqlnd from php-fpm).
846    (Nikita)
847
848- Opcache:
849  . Fixed bug #78015 (Incorrect evaluation of expressions involving partials
850    arrays in SCCP). (Nikita)
851  . Fixed bug #78106 (Path resolution fails if opcache disabled during request).
852    (Nikita)
853
854- OpenSSL:
855  . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
856    (Jakub Zelenka)
857
858- phpdbg:
859  . Fixed bug #78050 (SegFault phpdbg + opcache on include file twice).
860    (Nikita)
861
862- Sockets:
863  . Fixed bug #78038 (Socket_select fails when resource array contains
864    references). (Nikita)
865
866- Sodium:
867  . Fixed bug #78114 (segfault when calling sodium_* functions from eval). (cmb)
868
869- Standard:
870  . Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
871    (Craig Duncan, Dmitry)
872  . Fixed bug #77937 (preg_match failed). (cmb, Anatol)
873
874- Zip:
875  . Fixed bug #76345 (zip.h not found). (Michael Maroszek)
876
87730 May 2019, PHP 7.3.6
878
879- cURL:
880  . Implemented FR #72189 (Add missing CURL_VERSION_* constants). (Javier
881    Spagnoletti)
882
883- Date:
884  . Fixed bug #77909 (DatePeriod::__construct() with invalid recurrence count
885    value). (Ignace Nyamagana Butera)
886
887- EXIF:
888  . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
889    (CVE-2019-11040) (Stas)
890
891- FPM:
892  . Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
893  . Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
894
895- GD:
896  . Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
897  . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
898    (CVE-2019-11038) (cmb)
899
900- Iconv:
901  . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
902    due to integer overflow). (CVE-2019-11039). (maris dot adam)
903
904- JSON:
905  . Fixed bug #77843 (Use after free with json serializer). (Nikita)
906
907- Opcache:
908  . Fixed possible crashes, because of inconsistent PCRE cache and opcache
909    SHM reset. (Alexey Kalinin, Dmitry)
910
911- PDO_MySQL:
912  . Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
913
914- Reflection:
915  . Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)
916
917- Session:
918  . Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)
919
920- SOAP:
921  . Fixed bug #77945 (Segmentation fault when constructing SoapClient with
922    WSDL_CACHE_BOTH). (Nikita)
923
924- SPL:
925  . Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
926    Duncan)
927
928- SQLite:
929  . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
930
931- Standard:
932  . Fixed bug #77931 (Warning for array_map mentions wrong type). (Nikita)
933  . Fixed bug #78003 (strip_tags output change since PHP 7.3). (cmb)
934
93502 May 2019, PHP 7.3.5
936
937- Core:
938  . Fixed bug #77903 (ArrayIterator stops iterating after offsetSet call).
939    (Nikita)
940
941- CLI:
942  . Fixed bug #77794 (Incorrect Date header format in built-in server).
943    (kelunik)
944
945- EXIF
946  . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
947    (CVE-2019-11036) (Stas)
948
949- Interbase:
950  . Fixed bug #72175 (Impossibility of creating multiple connections to
951    Interbase with php 7.x). (Nikita)
952
953- Intl:
954  . Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
955    = null). (Nikita)
956
957- LDAP:
958  . Fixed bug #77869 (Core dump when using server controls) (mcmic)
959
960- Mail
961  . Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
962
963- mbstring:
964  . Implemented FR #72777 (Implement regex stack limits for mbregex functions).
965    (Yasuo Ohgaki, Stas)
966
967- MySQLi:
968  . Fixed bug #77773 (Unbuffered queries leak memory - MySQLi / mysqlnd).
969    (Nikita)
970
971- PCRE:
972  . Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
973    cmb)
974
975- PDO:
976  . Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
977    (camporter)
978
979- phpdbg:
980  . Fixed bug #76801 (too many open files). (alekitto)
981  . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
982    (krakjoe)
983  . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
984
985- Reflection:
986  . Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
987  . Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)
988
989- Standard:
990  . Fixed bug #77793 (Segmentation fault in extract() when overwriting
991    reference with itself). (Nikita)
992  . Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
993    INI_SCANNER_TYPED). (Nikita)
994  . Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
995    haystack). (Nikita)
996
99704 Apr 2019, PHP 7.3.4
998
999- Core:
1000  . Fixed bug #77738 (Nullptr deref in zend_compile_expr). (Laruence)
1001  . Fixed bug #77660 (Segmentation fault on break 2147483648). (Laruence)
1002  . Fixed bug #77652 (Anonymous classes can lose their interface information).
1003    (Nikita)
1004  . Fixed bug #77345 (Stack Overflow caused by circular reference in garbage
1005    collection). (Alexandru Patranescu, Nikita, Dmitry)
1006  . Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).
1007    (cmb)
1008
1009- Apache2Handler:
1010  . Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c). (cmb)
1011
1012- Bcmath:
1013  . Fixed bug #77742 (bcpow() implementation related to gcc compiler
1014    optimization). (Nikita)
1015
1016- CLI Server:
1017  . Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the
1018    localhost). (Nikita)
1019
1020- COM:
1021  . Fixed bug #77578 (Crash when php unload). (cmb)
1022
1023- EXIF:
1024  . Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
1025    (Stas)
1026  . Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
1027    (CVE-2019-11035) (Stas)
1028
1029- FPM:
1030  . Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
1031    (Kevin Adler)
1032
1033- GD:
1034  . Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
1035    (cmb)
1036
1037- MySQLi:
1038  . Fixed bug #77597 (mysqli_fetch_field hangs scripts). (Nikita)
1039
1040- Opcache:
1041  . Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical
1042    successors). (Nikita)
1043
1044- PCRE:
1045  . Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).
1046    (Nikita)
1047
1048- Phar:
1049  . Fixed bug #77697 (Crash on Big_Endian platform). (Laruence)
1050
1051- phpdbg:
1052  . Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match
1053    actual aliases). (Miriam Lauter)
1054
1055- sodium:
1056  . Fixed bug #77646 (sign_detached() strings not terminated). (Frank)
1057
1058- SQLite3:
1059  . Added sqlite3.defensive INI directive. (BohwaZ)
1060
1061- Standard:
1062  . Fixed bug #77664 (Segmentation fault when using undefined constant in
1063    custom wrapper). (Laruence)
1064  . Fixed bug #77669 (Crash in extract() when overwriting extracted array).
1065    (Nikita)
1066  . Fixed bug #76717 (var_export() does not create a parsable value for
1067    PHP_INT_MIN). (Nikita)
1068  . Fixed bug #77765 (FTP stream wrapper should set the directory as
1069    executable). (Vlad Temian)
1070
107107 Mar 2019, PHP 7.3.3
1072
1073- Core:
1074  . Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
1075    (Laruence)
1076  . Fixed bug #77329 (Buffer Overflow via overly long Error Messages).
1077    (Dmitry)
1078  . Fixed bug #77494 (Disabling class causes segfault on member access).
1079    (Dmitry)
1080  . Fixed bug #77498 (Custom extension Segmentation fault when declare static
1081    property). (Nikita)
1082  . Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin)
1083  . Fixed bug #77546 (iptcembed broken function). (gdegoulet)
1084  . Fixed bug #77630 (rename() across the device may allow unwanted access
1085    during processing). (Stas)
1086
1087- COM:
1088  . Fixed bug #77621 (Already defined constants are not properly reported).
1089    (cmb)
1090  . Fixed bug #77626 (Persistence confusion in php_com_import_typelib()). (cmb)
1091
1092- EXIF:
1093  . Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
1094  . Fixed bug #77540 (Invalid Read on exif_process_SOFn). (Stas)
1095  . Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
1096  . Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
1097
1098- Mbstring:
1099  . Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte).
1100    (Nikita)
1101
1102- MySQL
1103  . Disabled LOCAL INFILE by default, can be enabled using php.ini directive
1104    mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE
1105    attribute for pdo_mysql. (Darek Slusarczyk)
1106
1107- OpenSSL:
1108  . Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS
1109    records). (Abyl Valg, Jakub Zelenka)
1110
1111- PDO_OCI:
1112  . Support Oracle Database tracing attributes ACTION, MODULE,
1113    CLIENT_INFO, and CLIENT_IDENTIFIER. (Cameron Porter)
1114
1115- PHAR:
1116  . Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
1117    (bishop)
1118  . Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). (bishop)
1119
1120- phpdbg:
1121  . Fixed bug #76596 (phpdbg support for display_errors=stderr). (kabel)
1122
1123- SPL:
1124  . Fixed bug #51068 (DirectoryIterator glob:// don't support current path
1125    relative queries). (Ahmed Abdou)
1126  . Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb)
1127
1128- Standard:
1129  . Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
1130    (John Stevenson)
1131  . Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its
1132    options filled). (Nikita)
1133
113407 Feb 2019, PHP 7.3.2
1135
1136- Core:
1137  . Fixed bug #77369 (memcpy with negative length via crafted DNS response). (Stas)
1138  . Fixed bug #77387 (Recursion detection broken when printing GLOBALS).
1139    (Laruence)
1140  . Fixed bug #77376 ("undefined function" message no longer includes
1141    namespace). (Laruence)
1142  . Fixed bug #77357 (base64_encode / base64_decode doest not work on nested
1143    VM). (Nikita)
1144  . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry)
1145  . Fixed bug #77317 (__DIR__, __FILE__, realpath() reveal physical path for
1146    subst virtual drive). (Anatol)
1147  . Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator). (Dmitry)
1148  . Fixed bug #77447 (PHP 7.3 built with ASAN crashes in
1149    zend_cpu_supports_avx2). (Nikita)
1150  . Fixed bug #77484 (Zend engine crashes when calling realpath in invalid
1151    working dir). (Anatol)
1152
1153- Curl:
1154  . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalh��es)
1155
1156- Fileinfo:
1157  . Fixed bug #77346 (webm files incorrectly detected as
1158    application/octet-stream). (Anatol)
1159
1160- FPM:
1161  . Fixed bug #77430 (php-fpm crashes with Main process exited, code=dumped,
1162    status=11/SEGV). (Jakub Zelenka)
1163
1164- GD:
1165  . Fixed bug #73281 (imagescale(���, IMG_BILINEAR_FIXED) can cause black border).
1166    (cmb)
1167  . Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies). (cmb)
1168  . Fixed bug #77272 (imagescale() may return image resource on failure). (cmb)
1169  . Fixed bug #77391 (1bpp BMPs may fail to be loaded). (Romain D��oux, cmb)
1170  . Fixed bug #77479 (imagewbmp() segfaults with very large images). (cmb)
1171
1172- ldap:
1173  . Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in
1174    libcrypto-1_1-x64.dll). (Anatol)
1175
1176- Mbstring:
1177  . Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution
1178    variable). (Nikita)
1179  . Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
1180    (64796c6e69 at gmail dot com)
1181
1182- MySQLnd:
1183  . Fixed bug #77308 (Unbuffered queries memory leak). (Dmitry)
1184  . Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has
1185      no external visibility). (Anatol)
1186
1187- Opcache:
1188  . Fixed bug #77266 (Assertion failed in dce_live_ranges). (Laruence)
1189  . Fixed bug #77257 (value of variable assigned in a switch() construct gets
1190    lost). (Nikita)
1191  . Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
1192    (Nikita)
1193  . Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
1194    (Kevin Adler)
1195  . Fixed bug #77287 (Opcache literal compaction is incompatible with EXT
1196    opcodes). (Nikita)
1197
1198- PCRE:
1199  . Fixed bug #77338 (get_browser with empty string). (Nikita)
1200
1201- PDO:
1202  . Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO
1203    failure). (Nikita)
1204
1205- PDO MySQL:
1206  . Fixed bug #77289 (PDO MySQL segfaults with persistent connection).
1207    (Lauri Kentt��)
1208
1209- SOAP:
1210  . Fixed bug #77410 (Segmentation Fault when executing method with an empty
1211    parameter). (Nikita)
1212
1213- Sockets:
1214  . Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address
1215    on MacOS). (Michael Meyer)
1216
1217- SPL:
1218  . Fixed bug #77298 (segfault occurs when add property to unserialized empty
1219    ArrayObject). (jhdxr)
1220
1221- Standard:
1222  . Fixed bug #77395 (segfault about array_multisort). (Laruence)
1223  . Fixed bug #77439 (parse_str segfaults when inserting item into existing
1224    array). (Nikita)
1225
122610 Jan 2019, PHP 7.3.1
1227
1228- Core:
1229  . Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel). (Ryandesign)
1230  . Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
1231    (Valentin V. Bartenev)
1232  . Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
1233    (Nikita)
1234  . Fixed bug #77291 (magic methods inherited from a trait may be ignored).
1235    (cmb)
1236
1237- CURL:
1238  . Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
1239    (Pierrick)
1240
1241- COM:
1242  . Fixed bug #77177 (Serializing or unserializing COM objects crashes). (cmb)
1243
1244- Exif:
1245  . Fixed bug #77184 (Unsigned rational numbers are written out as signed
1246    rationals). (Colin Basnett)
1247
1248- GD:
1249  . Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()). (cmb)
1250  . Fixed bug #77198 (auto cropping has insufficient precision). (cmb)
1251  . Fixed bug #77200 (imagecropauto(���, GD_CROP_SIDES) crops left but not right).
1252    (cmb)
1253  . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
1254    use-after-free). (cmb)
1255  . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)
1256
1257- MBString:
1258  . Fixed bug #77367 (Negative size parameter in mb_split). (Stas)
1259  . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
1260    (Stas)
1261  . Fixed bug #77371 (heap buffer overflow in mb regex functions
1262    - compile_string_node). (Stas)
1263  . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
1264  . Fixed bug #77382 (heap buffer overflow due to incorrect length in
1265    expand_case_fold_string). (Stas)
1266  . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
1267  . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
1268    (Stas)
1269  . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)
1270
1271- OCI8:
1272  . Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working). (KoenigsKind)
1273  . Added oci_set_call_timeout() for call timeouts.
1274  . Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
1275
1276- Opcache:
1277  . Fixed bug #77215 (CFG assertion failure on multiple finalizing switch
1278    frees in one block). (Nikita)
1279  . Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
1280    (Nikita)
1281
1282- PCRE:
1283  . Fixed bug #77193 (Infinite loop in preg_replace_callback). (Anatol)
1284
1285- PDO:
1286  . Handle invalid index passed to PDOStatement::fetchColumn() as error. (Sergei
1287    Morozov)
1288
1289- Phar:
1290  . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)
1291
1292- Soap:
1293  . Fixed bug #77088 (Segfault when using SoapClient with null options).
1294    (Laruence)
1295
1296- Sockets:
1297  . Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
1298    (Mizunashi Mana)
1299
1300- Sodium:
1301  . Fixed bug #77297 (SodiumException segfaults on PHP 7.3). (Nikita, Scott)
1302
1303- SPL:
1304  . Fixed bug #77359 (spl_autoload causes segfault). (Lauri Kentt��)
1305  . Fixed bug #77360 (class_uses causes segfault). (Lauri Kentt��)
1306
1307- SQLite3:
1308  . Fixed bug #77051 (Issue with re-binding on SQLite3). (BohwaZ)
1309
1310- Xmlrpc:
1311  . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
1312  . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)
1313
131406 Dec 2018, PHP 7.3.0
1315
1316- Core:
1317  . Improved PHP GC. (Dmitry, Nikita)
1318  . Redesigned the old ext_skel program written in PHP, run:
1319    'php ext_skel.php' for all options. This means there are no dependencies,
1320    thus making it work on Windows out of the box. (Kalle)
1321  . Removed support for BeOS. (Kalle)
1322  . Add PHP_VERSION to phpinfo() <title/>. (github/MattJeevas)
1323  . Add net_get_interfaces(). (Sara, Joe, Anatol)
1324  . Added gc_status(). (Benjamin Eberlei)
1325  . Implemented flexible heredoc and nowdoc syntax, per
1326    RFC https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes.
1327    (Thomas Punt)
1328  . Added support for references in list() and array destructuring, per
1329    RFC https://wiki.php.net/rfc/list_reference_assignment.
1330    (David Walker)
1331  . Improved effectiveness of ZEND_SECURE_ZERO for NetBSD and systems
1332    without native similar feature. (devnexen)
1333  . Added syslog.facility and syslog.ident INI entries for customizing syslog
1334    logging. (Philip Prindeville)
1335  . Fixed bug #75683 (Memory leak in zend_register_functions() in ZTS mode).
1336    (Dmitry)
1337  . Fixed bug #75031 (support append mode in temp/memory streams). (adsr)
1338  . Fixed bug #74860 (Uncaught exceptions not being formatted properly when
1339    error_log set to "syslog"). (Philip Prindeville)
1340  . Fixed bug #75220 (Segfault when calling is_callable on parent).
1341    (andrewnester)
1342  . Fixed bug #69954 (broken links and unused config items in distributed ini
1343    files). (petk)
1344  . Fixed bug #74922 (Composed class has fatal error with duplicate, equal const
1345    properties). (pmmaga)
1346  . Fixed bug #63911 (identical trait methods raise errors during composition).
1347    (pmmaga)
1348  . Fixed bug #75677 (Clang ignores fastcall calling convention on variadic
1349    function). (Li-Wen Hsu)
1350  . Fixed bug #54043 (Remove inconsitency of internal exceptions and user
1351    defined exceptions). (Nikita)
1352  . Fixed bug #53033 (Mathematical operations convert objects to integers).
1353    (Nikita)
1354  . Fixed bug #73108 (Internal class cast handler uses integer instead of
1355    float). (Nikita)
1356  . Fixed bug #75765 (Fatal error instead of Error exception when base class is
1357    not found). (Timur Ibragimov)
1358  . Fixed bug #76198 (Wording: "iterable" is not a scalar type). (Levi Morrison)
1359  . Fixed bug #76137 (config.guess/config.sub do not recognize RISC-V). (cmb)
1360  . Fixed bug #76427 (Segfault in zend_objects_store_put). (Laruence)
1361  . Fixed bug #76422 (ftruncate fails on files > 2GB). (Anatol)
1362  . Fixed bug #76509 (Inherited static properties can be desynchronized from
1363    their parent by ref). (Nikita)
1364  . Fixed bug #76439 (Changed behaviour in unclosed HereDoc). (Nikita, tpunt)
1365  . Fixed bug #63217 (Constant numeric strings become integers when used as
1366    ArrayAccess offset). (Rudi Theunissen, Dmitry)
1367  . Fixed bug #33502 (Some nullary functions don't check the number of
1368    arguments). (cmb)
1369  . Fixed bug #76392 (Error relocating sapi/cli/php: unsupported relocation
1370    type 37). (Peter Kokot)
1371  . The declaration and use of case-insensitive constants has been deprecated.
1372    (Nikita)
1373  . Added syslog.filter INI entry for syslog filtering. (Philip Prindeville)
1374  . Fixed bug #76667 (Segfault with divide-assign op and __get + __set).
1375    (Laruence)
1376  . Fixed bug #76030 (RE2C_FLAGS rarely honoured) (Cristian Rodr��guez)
1377  . Fixed broken zend_read_static_property (Laruence)
1378  . Fixed bug #76773 (Traits used on the parent are ignored for child classes).
1379    (daverandom)
1380  . Fixed bug #76767 (���asm��� operand has impossible constraints in zend_operators.h).
1381    (ondrej)
1382  . Fixed bug #76752 (Crash in ZEND_COALESCE_SPEC_TMP_HANDLER - assertion in
1383    _get_zval_ptr_tmp failed). (Laruence)
1384  . Fixed bug #76820 (Z_COPYABLE invalid definition). (mvdwerve, cmb)
1385  . Fixed bug #76510 (file_exists() stopped working for phar://). (cmb)
1386  . Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
1387    (Dmitry)
1388  . Fixed bug #72635 (Undefined class used by class constant in constexpr
1389    generates fatal error). (Nikita)
1390  . Fixed bug #76947 (file_put_contents() blocks the directory of the file
1391    (__DIR__)). (Anatol)
1392  . Fixed bug #76979 (define() error message does not mention resources as
1393    valid values). (Michael Moravec)
1394  . Fixed bug #76825 (Undefined symbols ___cpuid_count). (Laruence, cmb)
1395  . Fixed bug #77110 (undefined symbol zend_string_equal_val in C++ build).
1396    (Remi)
1397
1398- BCMath:
1399  . Implemented FR #67855 (No way to get current scale in use). (Chris Wright,
1400    cmb)
1401  . Fixed bug #66364 (BCMath bcmul ignores scale parameter). (cmb)
1402  . Fixed bug #75164 (split_bc_num() is pointless). (cmb)
1403  . Fixed bug #75169 (BCMath errors/warnings bypass PHP's error handling). (cmb)
1404
1405- CLI:
1406  . Fixed bug #44217 (Output after stdout/stderr closed cause immediate exit
1407    with status 0). (Robert Lu)
1408  . Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli
1409    parameters). (Anatol)
1410
1411- cURL:
1412  . Expose curl constants from curl 7.50 to 7.61. (Pierrick)
1413  . Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
1414    (cebe)
1415
1416- Date:
1417  . Implemented FR #74668: Add DateTime::createFromImmutable() method.
1418    (majkl578, Rican7)
1419  . Fixed bug #75222 (DateInterval microseconds property always 0). (jhdxr)
1420  . Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
1421    (jhdxr)
1422  . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)
1423  . Updated timelib to 2018.01RC1 to address several bugs:
1424    . Fixed bug #75577 (DateTime::createFromFormat does not accept 'v' format
1425      specifier). (Derick)
1426    . Fixed bug #75642 (Wrap around behaviour for microseconds is not working).
1427      (Derick)
1428
1429- DBA:
1430  . Fixed bug #75264 (compiler warnings emitted). (petk)
1431
1432- DOM:
1433  . Fixed bug #76285 (DOMDocument::formatOutput attribute sometimes ignored).
1434    (Andrew Nester, Laruence, Anatol)
1435
1436- Fileinfo:
1437  . Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
1438    (Anatol)
1439
1440- Filter:
1441  . Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).
1442	(Kalle)
1443
1444- FPM:
1445  . Added fpm_get_status function. (Till Backhaus)
1446  . Fixed bug #62596 (getallheaders() missing with PHP-FPM). (Remi)
1447  . Fixed bug #69031 (Long messages into stdout/stderr are truncated
1448    incorrectly) - added new log related FPM configuration options:
1449    log_limit, log_buffering and decorate_workers_output. (Jakub Zelenka)
1450
1451- ftp:
1452  . Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi)
1453
1454- GD:
1455  . Added support for WebP in imagecreatefromstring(). (Andreas Treichel, cmb)
1456
1457- GMP:
1458  . Export internal structures and accessor helpers for GMP object. (Sara)
1459  . Added gmp_binomial(n, k). (Nikita)
1460  . Added gmp_lcm(a, b). (Nikita)
1461  . Added gmp_perfect_power(a). (Nikita)
1462  . Added gmp_kronecker(a, b). (Nikita)
1463
1464- iconv:
1465  . Fixed bug #53891 (iconv_mime_encode() fails to Q-encode UTF-8 string). (cmb)
1466  . Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
1467    (cmb)
1468
1469- IMAP:
1470  . Fixed bug #77020 (null pointer dereference in imap_mail). (cmb)
1471  . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via
1472    mailbox parameter). (Stas)
1473
1474- Interbase:
1475  . Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa)
1476  . Fixed bug #76443 (php+php_interbase.dll crash on module_shutdown). (Kalle)
1477
1478
1479- intl:
1480  . Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead
1481    of destination). (andrewnester)
1482  . Fixed bug #76829 (Incorrect validation of domain on idn_to_utf8()
1483    function). (Anatol)
1484
1485- JSON:
1486  . Added JSON_THROW_ON_ERROR flag. (Andrea)
1487
1488- LDAP:
1489  . Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay.
1490    (Come)
1491  . Added full support for sending and parsing ldap controls. (Come)
1492  . Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)
1493
1494- libxml2:
1495  . Fixed bug #75871 (use pkg-config where available). (pmmaga)
1496
1497- litespeed:
1498  . Fixed bug #75248 (Binary directory doesn't get created when building
1499    only litespeed SAPI). (petk)
1500  . Fixed bug #75251 (Missing program prefix and suffix). (petk)
1501
1502- MBstring:
1503  . Updated to Oniguruma 6.9.0. (cmb)
1504  . Fixed bug #65544 (mb title case conversion-first word in quotation isn't
1505    capitalized). (Nikita)
1506  . Fixed bug #71298 (MB_CASE_TITLE misbehaves with curled apostrophe/quote).
1507    (Nikita)
1508  . Fixed bug #73528 (Crash in zif_mb_send_mail). (Nikita)
1509  . Fixed bug #74929 (mbstring functions version 7.1.1 are slow compared to 5.3
1510    on Windows). (Nikita)
1511  . Fixed bug #76319 (mb_strtolower with invalid UTF-8 causes segmentation
1512    fault). (Nikita)
1513  . Fixed bug #76574 (use of undeclared identifiers INT_MAX and LONG_MAX). (cmb)
1514  . Fixed bug #76594 (Bus Error due to unaligned access in zend_ini.c
1515    OnUpdateLong). (cmb, Nikita)
1516  . Fixed bug #76706 (mbstring.http_output_conv_mimetypes is ignored). (cmb)
1517  . Fixed bug #76958 (Broken UTF7-IMAP conversion). (Nikita)
1518  . Fixed bug #77025 (mb_strpos throws Unknown encoding or conversion error).
1519    (Nikita)
1520  . Fixed bug #77165 (mb_check_encoding crashes when argument given an empty
1521    array). (Nikita)
1522
1523- Mysqlnd:
1524  . Fixed bug #76386 (Prepared Statement formatter truncates fractional seconds
1525    from date/time column). (Victor Csiky)
1526
1527- ODBC:
1528  . Removed support for ODBCRouter. (Kalle)
1529  . Removed support for Birdstep. (Kalle)
1530  . Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
1531    (Jon Allen)
1532
1533- Opcache:
1534  . Fixed bug #76466 (Loop variable confusion). (Dmitry, Laruence, Nikita)
1535  . Fixed bug #76463 (var has array key type but not value type). (Laruence)
1536  . Fixed bug #76446 (zend_variables.c:73: zend_string_destroy: Assertion
1537    `!(zval_gc_flags((str)->gc)). (Nikita, Laruence)
1538  . Fixed bug #76711 (OPcache enabled triggers false-positive "Illegal string
1539    offset"). (Dmitry)
1540  . Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita)
1541  . Fixed bug #77092 (array_diff_key() - segmentation fault). (Nikita)
1542
1543- OpenSSL:
1544  . Added openssl_pkey_derive function. (Jim Zubov)
1545  . Add min_proto_version and max_proto_version ssl stream options as well as
1546    related constants for possible TLS protocol values. (Jakub Zelenka)
1547
1548- PCRE:
1549  . Implemented https://wiki.php.net/rfc/pcre2-migration. (Anatol, Dmitry)
1550  . Upgrade PCRE2 to 10.32. (Anatol)
1551  . Fixed bug #75355 (preg_quote() does not quote # control character).
1552    (Michael Moravec)
1553  . Fixed bug #76512 (\w no longer includes unicode characters). (cmb)
1554  . Fixed bug #76514 (Regression in preg_match makes it fail with
1555    PREG_JIT_STACKLIMIT_ERROR). (Anatol)
1556  . Fixed bug #76909 (preg_match difference between 7.3 and < 7.3). (Anatol)
1557
1558- PDO_DBlib:
1559  . Implemented FR #69592 (allow 0-column rowsets to be skipped automatically).
1560    (fandrieu)
1561  . Expose TDS version as \PDO::DBLIB_ATTR_TDS_VERSION attribute on \PDO
1562    instance. (fandrieu)
1563  . Treat DATETIME2 columns like DATETIME. (fandrieu)
1564  . Fixed bug #74243 (allow locales.conf to drive datetime format). (fandrieu)
1565
1566- PDO_Firebird:
1567  . Fixed bug #74462 (PDO_Firebird returns only NULLs for results with boolean
1568    for FIREBIRD >= 3.0). (Dorin Marcoci)
1569
1570- PDO_OCI:
1571  . Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
1572    before PHP-FPM sets it up). (Ingmar Runge)
1573
1574- PDO SQLite
1575  . Add support for additional open flags
1576
1577- pgsql:
1578  . Added new error constants for pg_result_error(): PGSQL_DIAG_SCHEMA_NAME,
1579    PGSQL_DIAG_TABLE_NAME, PGSQL_DIAG_COLUMN_NAME, PGSQL_DIAG_DATATYPE_NAME,
1580    PGSQL_DIAG_CONSTRAINT_NAME and PGSQL_DIAG_SEVERITY_NONLOCALIZED. (Kalle)
1581  . Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT
1582    TIMEZONE' data type). (Andy Gajetzki)
1583
1584- phar:
1585  . Fixed bug #74991 (include_path has a 4096 char limit in some cases).
1586    (bwbroersma)
1587  . Fixed bug #65414 (deal with leading slash when adding files correctly).
1588    (bishopb)
1589
1590- readline:
1591  . Added completion_append_character and completion_suppress_append options
1592    to readline_info() if linked against libreadline. (krageon)
1593
1594- Session:
1595  . Fixed bug #74941 (session fails to start after having headers sent).
1596    (morozov)
1597
1598- SimpleXML:
1599  . Fixed bug #54973 (SimpleXML casts integers wrong). (Nikita)
1600  . Fixed bug #76712 (Assignment of empty string creates extraneous text node).
1601    (cmb)
1602
1603- Sockets:
1604  . Fixed bug #67619 (Validate length on socket_write). (thiagooak)
1605
1606- SOAP:
1607  . Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
1608    (villfa)
1609  . Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is
1610    used). (Anton Artamonov)
1611  . Fixed bug #50675 (SoapClient can't handle object references correctly).
1612    (Cameron Porter)
1613  . Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb)
1614  . Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb)
1615
1616- SPL:
1617  . Fixed bug #74977 (Appending AppendIterator leads to segfault).
1618    (Andrew Nester)
1619  . Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach
1620    loop). (jhdxr)
1621  . Fixed bug #74372 (autoloading file with syntax error uses next autoloader,
1622    may hide parse error). (Nikita)
1623  . Fixed bug #75878 (RecursiveTreeIterator::setPostfix has wrong signature).
1624    (cmb)
1625  . Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr)
1626  . Fixed bug #76131 (mismatch arginfo for splarray constructor).
1627    (carusogabriel)
1628
1629- SQLite3:
1630  . Updated bundled libsqlite to 3.24.0. (cmb)
1631
1632- Standard:
1633  . Added is_countable() function. (Gabriel Caruso)
1634  . Added support for the SameSite cookie directive, including an alternative
1635    signature for setcookie(), setrawcookie() and session_set_cookie_params().
1636    (Frederik Bosch, pmmaga)
1637  . Remove superfluous warnings from inet_ntop()/inet_pton(). (daverandom)
1638  . Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike,
1639    Philip Sharp)
1640  . Fixed unserialize(), to disable creation of unsupported data structures
1641    through manually crafted strings. (Dmitry)
1642  . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
1643    that getrandom() is missing). (sarciszewski)
1644  . Fixed bug #74719 (fopen() should accept NULL as context). (Alexander Holman)
1645  . Fixed bug #69948 (path/domain are not sanitized in setcookie). (cmb)
1646  . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)
1647  . Added hrtime() function, to get high resolution time. (welting)
1648  . Fixed bug #48016 (stdClass::__setState is not defined although var_export()
1649    uses it). (Andrea)
1650  . Fixed bug #76136 (stream_socket_get_name should enclose IPv6 in brackets).
1651    (seliver)
1652  . Fixed bug #76688 (Disallow excessive parameters after options array).
1653    (pmmaga)
1654  . Fixed bug #76713 (Segmentation fault caused by property corruption).
1655    (Laruence)
1656  . Fixed bug #76755 (setcookie does not accept "double" type for expire time).
1657    (Laruence)
1658  . Fixed bug #76674 (improve array_* failure messages exposing what was passed
1659    instead of an array). (carusogabriel)
1660  . Fixed bug #76803 (ftruncate changes file pointer). (Anatol)
1661  . Fixed bug #76818 (Memory corruption and segfault). (Remi)
1662  . Fixed bug #77081 (ftruncate() changes seek pointer in c mode). (cmb, Anatol)
1663
1664- Testing:
1665  . Implemented FR #62055 (Make run-tests.php support --CGI-- sections). (cmb)
1666
1667- Tidy:
1668  . Support using tidyp instead of tidy. (devnexen)
1669  . Fixed bug #74707 (Tidy has incorrect ReflectionFunction param counts for
1670    functions taking tidy). (Gabriel Caruso)
1671  . Fixed arginfo for tidy::__construct(). (Tyson Andre)
1672
1673- Tokenizer:
1674  . Fixed bug #76437 (token_get_all with TOKEN_PARSE flag fails to recognise
1675    close tag). (Laruence)
1676  . Fixed bug #75218 (Change remaining uncatchable fatal errors for parsing
1677    into ParseError). (Nikita)
1678  . Fixed bug #76538 (token_get_all with TOKEN_PARSE flag fails to recognise
1679    close tag with newline). (Nikita)
1680  . Fixed bug #76991 (Incorrect tokenization of multiple invalid flexible
1681    heredoc strings). (Nikita)
1682
1683- XML:
1684  . Fixed bug #71592 (External entity processing never fails). (cmb)
1685
1686- Zlib:
1687  . Added zlib/level context option for compress.zlib wrapper. (Sara)
1688
168908 Nov 2018, PHP 7.2.12
1690
1691- Core:
1692  . Fixed bug #76846 (Segfault in shutdown function after memory limit error).
1693    (Nikita)
1694  . Fixed bug #76946 (Cyclic reference in generator not detected). (Nikita)
1695  . Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
1696    (Peter Kokot)
1697  . Fixed bug #77041 (buildconf should output error messages to stderr)
1698    (Mizunashi Mana)
1699
1700- Date:
1701  . Upgraded timelib to 2017.08. (Derick)
1702  . Fixed bug #75851 (Year component overflow with date formats "c", "o", "r"
1703    and "y"). (Adam Saponara)
1704  . Fixed bug #77007 (fractions in `diff()` are not correctly normalized).
1705    (Derick)
1706
1707- FCGI:
1708  . Fixed #76948 (Failed shutdown/reboot or end session in Windows). (Anatol)
1709  . Fixed bug #76954 (apache_response_headers removes last character from header
1710    name). (stodorovic)
1711
1712- FTP:
1713  . Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
1714    (Manuel Mausz)
1715
1716- intl:
1717  . Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)
1718
1719- Reflection:
1720  . Fixed bug #76936 (Objects cannot access their private attributes while
1721    handling reflection errors). (Nikita)
1722  . Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with
1723    object scope). (Nikita)
1724
1725- Sodium:
1726  . Some base64 outputs were truncated; this is not the case any more.
1727    (jedisct1)
1728  . block sizes >= 256 bytes are now supposed by sodium_pad() even
1729    when an old version of libsodium has been installed. (jedisct1)
1730  . Fixed bug #77008 (sodium_pad() could read (but not return nor write)
1731    uninitialized memory when trying to pad an empty input). (jedisct1)
1732
1733- Standard:
1734  . Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
1735    (Pierrick)
1736
1737- Tidy:
1738  . Fixed bug #77027 (tidy::getOptDoc() not available on Windows). (cmb)
1739
1740- XML:
1741  . Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb)
1742  . Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)
1743
1744- XMLRPC:
1745  . Fixed bug #75282 (xmlrpc_encode_request() crashes). (cmb)
1746
174711 Oct 2018, PHP 7.2.11
1748
1749- Core:
1750  . Fixed bug #76800 (foreach inconsistent if array modified during loop).
1751    (Dmitry)
1752  . Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts
1753    memory). (Nikita)
1754
1755- CURL:
1756  . Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
1757    (Pierrick)
1758
1759- iconv:
1760  . Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
1761    (cmb)
1762
1763- Opcache:
1764  . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
1765    (Anatol)
1766  . Fixed bug #76796 (Compile-time evaluation of disabled function in opcache
1767    causes segfault). (Nikita)
1768
1769- POSIX:
1770  . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)
1771
1772- Reflection:
1773  . Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
1774    (cmb)
1775
1776- Standard:
1777  . Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open
1778    data connection). (Ville Hukkam��ki)
1779  . Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with
1780    stream_socket_client). (Ville Hukkam��ki)
1781  . Fixed bug #75533 (array_reduce is slow when $carry is large array).
1782    (Manabu Matsui)
1783
1784- XMLRPC:
1785  . Fixed bug #76886 (Can't build xmlrpc with expat). (Thomas Petazzoni, cmb)
1786
1787- Zlib:
1788  . Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
1789    (Martin Burke, cmb)
1790
179113 Sep 2018, PHP 7.2.10
1792
1793- Core:
1794  . Fixed bug #76754 (parent private constant in extends class memory leak).
1795    (Laruence)
1796  . Fixed bug #72443 (Generate enabled extension). (petk)
1797  . Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode).
1798    (Massimiliano Braglia)
1799
1800- Apache2:
1801  . Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid). (stas)
1802
1803- Bz2:
1804  . Fixed arginfo for bzcompress. (Tyson Andre)
1805
1806- gettext:
1807  . Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)
1808
1809- iconv:
1810  . Fixed bug #68180 (iconv_mime_decode can return extra characters in a
1811    header). (cmb)
1812  . Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
1813    (cmb)
1814  . Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb)
1815  . Fixed bug #55146 (iconv_mime_decode_headers() skips some headers). (cmb)
1816
1817- intl:
1818  . Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with
1819    11+ named placeholders). (Anatol)
1820
1821- libxml:
1822  . Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader
1823    callback undefined). (Ville Hukkam��ki)
1824
1825- mbstring:
1826  . Fixed bug #76704 (mb_detect_order return value varies based on argument
1827    type). (cmb)
1828
1829- Opcache:
1830  . Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar
1831    file). (Laruence)
1832
1833- OpenSSL:
1834  . Fixed bug #76705 (unusable ssl => peer_fingerprint in
1835    stream_context_create()). (Jakub Zelenka)
1836
1837- phpdbg:
1838  . Fixed bug #76595 (phpdbg man page contains outdated information).
1839    (Kevin Abel)
1840
1841- SPL:
1842  . Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()). (cmb)
1843  . Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0). (Tim
1844    Siebels)
1845
1846- Standard:
1847  . Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
1848    (cmb)
1849
1850- zlib:
1851  . Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir
1852    is passed to the --with-zlib configure option). (Jay Bonci)
1853  . Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)
1854
185516 Aug 2018, PHP 7.2.9
1856
1857- Calendar:
1858  . Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset).
1859    (cmb)
1860
1861- Filter:
1862  . Fixed bug #76366 (References in sub-array for filtering breaks the filter).
1863    (ZiHang Gao)
1864
1865- PDO_Firebird:
1866  . Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis)
1867
1868- PDO_PgSQL:
1869  . Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option).
1870    (Anatol)
1871
1872- SQLite3:
1873  . Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
1874    (cmb)
1875
1876- Standard:
1877  . Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb)
1878  . Fixed bug #68553 (array_column: null values in $index_key become incrementing
1879    keys in result). (Laruence)
1880  . Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`).
1881    (cmb)
1882
1883- Zip:
1884  . Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)).
1885    (Timur Ibragimov)
1886
188719 Jul 2018, PHP 7.2.8
1888
1889- Core:
1890  . Fixed bug #76534 (PHP hangs on 'illegal string offset on string references
1891    with an error handler). (Laruence)
1892  . Fixed bug #76520 (Object creation leaks memory when executed over HTTP).
1893    (Nikita)
1894  . Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize
1895    properly). (Nikita)
1896
1897- Date:
1898  . Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
1899
1900- EXIF:
1901  . Fixed bug #76409 (heap use after free in _php_stream_free). (cmb)
1902  . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
1903    exif_thumbnail_extract of exif.c). (Stas)
1904  . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
1905    data). (Stas)
1906
1907- FPM:
1908  . Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
1909    non-blocking). (Nikita)
1910
1911- GMP:
1912  . Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
1913    other classes). (Nikita)
1914
1915- intl:
1916  . Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong
1917    type). (cmb)
1918
1919- mbstring:
1920  . Fixed bug #76532 (Integer overflow and excessive memory usage
1921    in mb_strimwidth). (MarcusSchwarz)
1922
1923- Opcache:
1924  . Fixed bug #76477 (Opcache causes empty return value).
1925    (Nikita, Laruence)
1926
1927- PGSQL:
1928  . Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
1929
1930- phpdbg:
1931  . Fix arginfo wrt. optional/required parameters. (cmb)
1932
1933- Reflection:
1934  . Fixed bug #76536 (PHP crashes with core dump when throwing exception in
1935    error handler). (Laruence)
1936  . Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with
1937    inherited classes). (Nikita)
1938
1939- Standard:
1940  . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
1941    (Laruence)
1942  . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
1943
1944- Win32:
1945  . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
1946
1947- ZIP:
1948  . Fixed bug #76461 (OPSYS_Z_CPM defined instead of OPSYS_CPM).
1949    (Dennis Birkholz, Remi)
1950
195107 Jun 2018, PHP 7.2.7
1952
1953- Core:
1954  . Fixed bug #76337 (segfault when opcache enabled + extension use
1955    zend_register_class_alias). (xKhorasan)
1956
1957- CLI Server:
1958  . Fixed bug #76333 (PHP built-in server does not find files if root path
1959    contains special characters). (Anatol)
1960
1961- OpenSSL:
1962  . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
1963    (Erik Lax, Jakub Zelenka)
1964  . Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
1965    (Jakub Zelenka)
1966
1967- SPL:
1968  . Fixed bug #76367 (NoRewindIterator segfault 11). (Laruence)
1969
1970- Standard:
1971  . Fixed bug #76410 (SIGV in zend_mm_alloc_small). (Laruence)
1972  . Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
1973    (Anatol)
1974
197524 May 2018, PHP 7.2.6
1976
1977- EXIF:
1978  . Fixed bug #76164 (exif_read_data zend_mm_heap corrupted). (cmb)
1979
1980- FPM:
1981  . Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
1982    (mgorny)
1983
1984- intl:
1985  . Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
1986    (Anatol)
1987
1988- Opcache:
1989  . Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry)
1990  . Fixed bug #76275 (Assertion failure in file cache when unserializing empty
1991    try_catch_array). (Nikita)
1992  . Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
1993    (Nikita)
1994
1995- Reflection:
1996  . Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).
1997    (carusogabriel)
1998
1999- Session:
2000  . Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start
2001    with "#"). (Andrew Nester)
2002
200326 Apr 2018, PHP 7.2.5
2004
2005- Core:
2006  . Fixed bug #75722 (Convert valgrind detection to configure option).
2007    (Michael Heimpold)
2008
2009- Date:
2010  . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)
2011
2012- Exif:
2013  . Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
2014    (Stas)
2015
2016- FPM:
2017  . Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list
2018    too long). (Jacob Hipps)
2019  . Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)
2020
2021- GD:
2022  . Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
2023    (cmb)
2024
2025- iconv:
2026  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
2027    invalid sequence). (Stas)
2028
2029- intl:
2030  . Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)
2031
2032- ldap:
2033  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)
2034
2035- mbstring:
2036  . Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
2037  . Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
2038    (chrullrich, cmb)
2039
2040- ODBC:
2041  . Fixed bug #76088 (ODBC functions are not available by default on Windows).
2042    (cmb)
2043
2044- Opcache:
2045  . Fixed bug #76094 (Access violation when using opcache). (Laruence)
2046
2047- Phar:
2048  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
2049
2050- phpdbg:
2051  . Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)
2052
2053- SPL:
2054  . Fixed bug #76131 (mismatch arginfo for splarray constructor).
2055    (carusogabriel)
2056
2057- standard:
2058  . Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
2059  . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)
2060
206129 Mar 2018, PHP 7.2.4
2062
2063- Core:
2064  . Fixed bug #76025 (Segfault while throwing exception in error_handler).
2065    (Dmitry, Laruence)
2066  . Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
2067    (Anatol)
2068
2069- FPM:
2070  . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
2071    access controls). (Jakub Zelenka)
2072
2073- FTP:
2074  . Fixed ftp_pasv arginfo. (carusogabriel)
2075
2076-GD:
2077  . Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)
2078  . Fixed bug #76041 (null pointer access crashed php). (cmb)
2079  . Fixed imagesetinterpolation arginfo. (Gabriel Caruso)
2080
2081- iconv:
2082  . Fixed bug #75867 (Freeing uninitialized pointer). (Philip Prindeville)
2083
2084- Mbstring:
2085  . Fixed bug #62545 (wrong unicode mapping in some charsets). (cmb)
2086
2087- Opcache:
2088  . Fixed bug #75969 (Assertion failure in live range DCE due to block pass
2089    misoptimization). (Nikita)
2090
2091- OpenSSL:
2092  . Fixed openssl_* arginfos. (carusogabriel)
2093
2094- PCNTL:
2095  . Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform
2096    (s390x)). (Sam Ding)
2097
2098- Phar:
2099  . Fixed bug #76085 (Segmentation fault in buildFromIterator when directory
2100    name contains a \n). (Laruence)
2101
2102- Standard:
2103  . Fixed bug #75961 (Strange references behavior). (Laruence)
2104  . Fixed some arginfos. (carusogabriel)
2105  . Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with
2106    segfault). (Anatol)
2107
210801 Mar 2018, PHP 7.2.3
2109
2110- Core:
2111  . Fixed bug #75864 ("stream_isatty" returns wrong value on s390x). (Sam Ding)
2112
2113- Apache2Handler:
2114  . Fixed bug #75882 (a simple way for segfaults in threadsafe php just with
2115    configuration). (Anatol)
2116
2117- Date:
2118  . Fixed bug #75857 (Timezone gets truncated when formatted). (carusogabriel)
2119  . Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should
2120    accept `null`). (Pedro Lacerda)
2121  . Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
2122    (jhdxr)
2123
2124- LDAP:
2125  . Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)
2126
2127- libxml2:
2128  . Fixed bug #75871 (use pkg-config where available). (pmmaga)
2129
2130- PGSQL:
2131  . Fixed bug #75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru)
2132
2133- Phar:
2134  . Fixed bug #54289 (Phar::extractTo() does not accept specific directories to
2135    be extracted). (bishop)
2136  . Fixed bug #65414 (deal with leading slash while adding files correctly).
2137    (bishopb)
2138  . Fixed bug #65414 (deal with leading slash when adding files correctly).
2139    (bishopb)
2140
2141- ODBC:
2142  . Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol)
2143
2144- Opcache:
2145  . Fixed bug #75729 (opcache segfault when installing Bitrix). (Nikita)
2146  . Fixed bug #75893 (file_get_contents $http_response_header variable bugged
2147    with opcache). (Nikita)
2148  . Fixed bug #75938 (Modulus value not stored in variable). (Nikita)
2149
2150- SPL:
2151  . Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr)
2152
2153- Standard:
2154  . Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike,
2155    Philip Sharp)
2156  . Fixed bug #75981 (Prevent reading beyond buffer start in http wrapper).
2157    (Stas)
2158
215901 Feb 2018, PHP 7.2.2
2160
2161- Core:
2162  . Fixed bug #75742 (potential memleak in internal classes's static members).
2163    (Laruence)
2164  . Fixed bug #75679 (Path 260 character problem). (Anatol)
2165  . Fixed bug #75614 (Some non-portable == in shell scripts). (jdolecek)
2166  . Fixed bug #75786 (segfault when using spread operator on generator passed
2167    by reference). (Nikita)
2168  . Fixed bug #75799 (arg of get_defined_functions is optional). (carusogabriel)
2169  . Fixed bug #75396 (Exit inside generator finally results in fatal error).
2170    (Nikita)
2171
2172- FCGI:
2173  . Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is
2174    false). (Anatol)
2175
2176- IMAP:
2177  . Fixed bug #75774 (imap_append HeapCorruction). (Anatol)
2178
2179- Opcache:
2180  . Fixed bug #75720 (File cache not populated after SHM runs full). (Dmitry)
2181  . Fixed bug #75687 (var 8 (TMP) has array key type but not value type).
2182    (Nikita, Laruence)
2183  . Fixed bug #75698 (Using @ crashes php7.2-fpm). (Nikita)
2184  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
2185    (Dmitry)
2186
2187- PDO:
2188  . Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin).
2189    (jdolecek)
2190
2191- PDO MySQL:
2192  . Fixed bug #75615 (PDO Mysql module can't be built as module). (jdolecek)
2193
2194- PGSQL:
2195  . Fixed bug #75671 (pg_version() crashes when called on a connection to
2196    cockroach). (magicaltux at gmail dot com)
2197
2198- Readline:
2199  . Fixed bug #75775 (readline_read_history segfaults with empty file).
2200    (Anatol)
2201
2202- SAPI:
2203  . Fixed bug #75735 ([embed SAPI] Segmentation fault in
2204    sapi_register_post_entry). (Laruence)
2205
2206- SOAP:
2207  . Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is
2208    used). (Anton Artamonov)
2209  . Fixed bug #75502 (Segmentation fault in zend_string_release). (Nikita)
2210
2211- SPL:
2212  . Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by
2213    reference). (Nikita)
2214  . Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent
2215    class). (Nikita)
2216  . Fixed bug #73209 (RecursiveArrayIterator does not iterate object
2217    properties). (Nikita)
2218
2219- Standard:
2220   . Fixed bug #75781 (substr_count incorrect result). (Laruence)
2221   . Fixed bug #75653 (array_values don't work on empty array). (Nikita)
2222
2223- Zip:
2224  . Display headers (buildtime) and library (runtime) versions in phpinfo
2225    (with libzip >= 1.3.1). (Remi)
2226
222704 Jan 2018, PHP 7.2.1
2228
2229- Core:
2230  . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
2231  . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
2232    (Anatol)
2233  . Fixed bug #75525 (Access Violation in vcruntime140.dll). (Anatol)
2234  . Fixed bug #74862 (Unable to clone instance when private __clone defined).
2235    (Daniel Ciochiu)
2236  . Fixed bug #75074 (php-process crash when is_file() is used with strings
2237    longer 260 chars). (Anatol)
2238  . Fixed bug #69727 (Remove timestamps from build to make it reproducible).
2239    (jelle van der Waa)
2240
2241- CLI server:
2242  . Fixed bug #73830 (Directory does not exist). (Anatol)
2243
2244- FPM:
2245  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
2246    requests). (Remi)
2247
2248- GD:
2249  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
2250    (Christoph)
2251
2252- Opcache:
2253  . Fixed bug #75608 ("Narrowing occurred during type inference" error).
2254    (Laruence, Dmitry)
2255  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
2256    (Dmitry)
2257  . Fixed bug #75570 ("Narrowing occurred during type inference" error).
2258    (Dmitry)
2259  . Fixed bug #75681 (Warning: Narrowing occurred during type inference,
2260    specific case). (Nikita)
2261  . Fixed bug #75556 (Invalid opcode 138/1/1). (Laruence)
2262
2263- PCRE:
2264  . Fixed bug #74183 (preg_last_error not returning error code after error).
2265    (Andrew Nester)
2266
2267- Phar:
2268  . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)
2269
2270- Standard:
2271  . Fixed bug #75511 (fread not free unused buffer). (Laruence)
2272  . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
2273    (Remi)
2274  . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
2275    segment fault). (Nikita)
2276  . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
2277    that getrandom() is missing). (sarciszewski)
2278  . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
2279    (John Stevenson)
2280  . Fixed bug #75574 (putenv does not work properly if parameter contains
2281    non-ASCII unicode character). (Anatol)
2282
2283- Zip:
2284  . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)
2285
228630 Nov 2017, PHP 7.2.0
2287
2288- BCMath:
2289  . Fixed bug #46564 (bcmod truncates fractionals). (liborm85)
2290
2291- CLI:
2292  . Fixed bug #74849 (Process is started as interactive shell in PhpStorm).
2293    (Anatol)
2294  . Fixed bug #74979 (Interactive shell opening instead of script execution
2295    with -f flag). (Anatol)
2296
2297- CLI server:
2298  . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
2299    script). (SammyK)
2300
2301- Core:
2302  . Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE,
2303    ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement
2304    corresponding builtin functions. (Dmitry)
2305  . "Countable" interface is moved from SPL to Core. (Dmitry)
2306  . Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin
2307    function, through hash lookup in flipped array. (Dmitry)
2308  . Removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE & !REFCOUNTED). (Dmitry)
2309  . Removed the sql.safe_mode directive. (Kalle)
2310  . Removed support for Netware. (Kalle)
2311  . Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable()
2312    (alias original name for BC). (Sara)
2313  . Fixed bug #54535 (WSA cleanup executes before MSHUTDOWN). (Kalle)
2314  . Implemented FR #69791 (Disallow mail header injections by extra headers)
2315    (Yasuo)
2316  . Implemented FR #49806 (proc_nice() for Windows). (Kalle)
2317  . Fix pthreads detection when cross-compiling (ffontaine)
2318  . Fixed memory leaks caused by exceptions thrown from destructors. (Bob,
2319    Dmitry).
2320  . Fixed bug #73215 (uniqid() should use better random source). (Yasuo)
2321  . Implemented FR #72768 (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for
2322    php.exe). (Michele Locati)
2323  . Implemented "Convert numeric keys in object/array casts" RFC, fixes
2324    bugs #53838, #61655, #66173, #70925, #72254, etc. (Andrea)
2325  . Implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC.
2326    (Rowan Collins)
2327  . Raised minimum supported Windows versions to Windows 7/Server 2008 R2.
2328    (Anatol)
2329  . Implemented minor optimization in array_keys/array_values(). (Sara)
2330  . Added PHP_OS_FAMILY constant to determine on which OS we are. (Jan Altensen)
2331  . Fixed bug #73987 (Method compatibility check looks to original
2332    definition and not parent). (pmmaga)
2333  . Fixed bug #73991 (JSON_OBJECT_AS_ARRAY not respected). (Sara)
2334  . Fixed bug #74053 (Corrupted class entries on shutdown when a destructor
2335    spawns another object). (jim at commercebyte dot com)
2336  . Fixed bug #73971 (Filename got limited to MAX_PATH on Win32 when scan
2337    directory). (Anatol)
2338  . Fixed bug #72359, bug #72451, bug #73706, bug #71115 and others related
2339    to interned strings handling in TS builds. (Anatol, Dmitry)
2340  . Implemented "Trailing Commas In List Syntax" RFC for group use lists only.
2341    (Sammy Kaye Powers)
2342  . Fixed bug #74269 (It's possible to override trait property with different
2343    loosely-equal value). (pmmaga)
2344  . Fixed bug #61970 (Restraining __construct() access level in subclass gives
2345    a fatal error). (pmmaga)
2346  . Fixed bug #63384 (Cannot override an abstract method with an abstract
2347    method). (pmmaga, wes)
2348  . Fixed bug #74607 (Traits enforce different inheritance rules). (pmmaga)
2349  . Fixed misparsing of abstract unix domain socket names. (Sara)
2350  . Change PHP_OS_FAMILY value from "OSX" to "Darwin". (Sebastian, Kalle)
2351  . Allow loading PHP/Zend extensions by name in ini files (extension=<name>).
2352    (francois at tekwire dot net)
2353  . Added object type annotation. (brzuchal)
2354  . Fixed bug #74815 (crash with a combination of INI entries at startup).
2355    (Anatol)
2356  . Fixed bug #74836 (isset on zero-prefixed numeric indexes in array broken).
2357    (Dmitry)
2358  . Added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they
2359    were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with
2360    ZEND_QUICK_SET flag. (Nikita, Dmitry)
2361  . Fixed bug #49649 (unserialize() doesn't handle changes in property
2362    visibility). (pmmaga)
2363  . Fixed #74866 (extension_dir = "./ext" now use current directory for base).
2364    (Francois Laupretre)
2365  . Implemented FR #74963 (Improved error message on fetching property of
2366    non-object). (Laruence)
2367  . Fixed Bug #75142 (buildcheck.sh check for autoconf version needs to be updated
2368    for v2.64). (zizzy at zizzy dot net, Remi)
2369  . Fixed bug #74878 (Data race in ZTS builds). (Nikita, Dmitry)
2370  . Fixed bug #75515 ("stream_copy_to_stream" doesn't stream anymore). (Sara)
2371
2372- cURL:
2373  . Fixed bug #75093 (OpenSSL support not detected). (Remi)
2374  . Better fix for #74125 (use pkg-config instead of curl-config). (Remi)
2375
2376- Date:
2377  . Fixed bug #55407 (Impossible to prototype DateTime::createFromFormat).
2378    (kelunik)
2379  . Implemented FR #71520 (Adding the DateTime constants to the
2380    DateTimeInterface interface). (Majkl578)
2381  . Fixed bug #75149 (redefinition of typedefs ttinfo and t1info). (Remi)
2382  . Fixed bug #75222 (DateInterval microseconds property always 0). (jhdxr)
2383
2384- Dba:
2385  . Fixed bug #72885 (flatfile: dba_fetch() fails to read replaced entry).
2386    (Anatol)
2387
2388- DOM:
2389  . Implement #74837 (Implement Countable for DomNodeList and DOMNamedNodeMap).
2390    (Andreas Treichel)
2391
2392- EXIF:
2393  . Added support for vendor specific tags for the following formats:
2394    Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA,
2395	Kyocera, Ricoh & Epson. (Kalle)
2396  . Fixed bug #72682 (exif_read_data() fails to read all data for some
2397    images). (Kalle)
2398  . Fixed bug #71534 (Type confusion in exif_read_data() leading to heap
2399    overflow in debug mode). (hlt99 at blinkenshell dot org, Kalle)
2400  . Fixed bug #68547 (Exif Header component value check error).
2401    (sjh21a at gmail dot com, Kalle)
2402  . Fixed bug #66443 (Corrupt EXIF header: maximum directory nesting level
2403    reached for some cameras). (Kalle)
2404  . Fixed Redhat bug #1362571 (PHP not returning full results for
2405    exif_read_data function). (Kalle)
2406  . Implemented #65187 (exif_read_data/thumbnail: add support for stream
2407    resource). (Kalle)
2408  . Deprecated the read_exif_data() alias. (Kalle)
2409  . Fixed bug #74428 (exif_read_data(): "Illegal IFD size" warning occurs with
2410    correct exif format). (bradpiccho at gmail dot com, Kalle)
2411  . Fixed bug #72819 (EXIF thumbnails not read anymore). (Kalle)
2412  . Fixed bug #62523 (php crashes with segfault when exif_read_data called).
2413    (Kalle)
2414  . Fixed bug #50660 (exif_read_data(): Illegal IFD offset (works fine with
2415    other exif readers). (skinny dot bravo at gmail dot com, Kalle)
2416
2417- Fileinfo:
2418  . Upgrade bundled libmagic to 5.31. (Anatol)
2419
2420- FPM:
2421  . Configuration to limit fpm slow log trace callers. (Sannis)
2422  . Fixed bug #75212 (php_value acts like php_admin_value). (Remi)
2423
2424- FTP:
2425  . Implement MLSD for structured listing of directories. (blar)
2426  . Added ftp_append() function. (blar)
2427
2428- GD:
2429  . Implemented imageresolution as getter and setter (Christoph)
2430  . Fixed bug #74744 (gd.h: stdarg.h include missing for va_list use in
2431    gdErrorMethod). (rainer dot jung at kippdata dot de, cmb)
2432  . Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image). (cmb)
2433
2434- GMP:
2435  . Fixed bug #70896 (gmp_fact() silently ignores non-integer input). (Sara)
2436
2437- Hash:
2438  . Changed HashContext from resource to object. (Rouven We��ling, Sara)
2439  . Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.
2440    (Andrey Andreev, Nikita)
2441  . Fixed Bug #75284 (sha3 is not supported on bigendian machine). (Remi)
2442
2443- IMAP:
2444  . Fixed bug #72324 (imap_mailboxmsginfo() return wrong size).
2445    (ronaldpoon at udomain dot com dot hk, Kalle)
2446
2447- Intl:
2448  . Fixed bug #63790 (test using Spoofchecker which may be unavailable). (Sara)
2449  . Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change
2450    $position argument). (Laruence)
2451
2452- JSON:
2453  . Add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for
2454    json_encode and json_decode to ignore or replace invalid UTF-8 byte
2455    sequences - it addresses request #65082. (Jakub Zelenka)
2456  . Fixed bug #75185 (Buffer overflow in json_decode() with
2457    JSON_INVALID_UTF8_IGNORE or JSON_INVALID). (Jakub Zelenka)
2458  . Fixed bug #68567 (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null
2459    key). (Jakub Zelenka)
2460
2461- LDAP:
2462  . Implemented FR #69445 (Support for LDAP EXOP operations)
2463  . Fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_option
2464  . Fixed passing an empty array to ldap_set_option for client or server controls.
2465
2466- Mbstring:
2467  . Implemented request #66024 (mb_chr() and mb_ord()). (Masakielastic, Yasuo)
2468  . Implemented request #65081 (mb_scrub()). (Masakielastic, Yasuo)
2469  . Implemented request #69086 (enhancement for mb_convert_encoding() that
2470    handles multibyte replacement char nicely). (Masakielastic, Yasuo)
2471  . Added array input support to mb_convert_encoding(). (Yasuo)
2472  . Added array input support to mb_check_encoding(). (Yasuo)
2473  . Fixed bug #69079 (enhancement for mb_substitute_character). (masakielastic)
2474  . Update to oniguruma version 6.3.0. (Remi)
2475  . Fixed bug #69267 (mb_strtolower fails on titlecase characters). (Nikita)
2476
2477- Mcrypt:
2478  . The deprecated mcrypt extension has been moved to PECL. (leigh)
2479
2480- Opcache:
2481  . Added global optimisation passes based on data flow analysis using Single
2482    Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP),
2483    Dead Code Elimination (DCE), and removal of unused local variables
2484    (Nikita, Dmitry)
2485  . Fixed incorect constant conditional jump elimination. (Dmitry)
2486  . Fixed bug #75230 (Invalid opcode 49/1/8 using opcache). (Laruence)
2487  . Fixed bug (assertion fails with extended info generated). (Laruence)
2488  . Fixed bug (Phi sources removel). (Laruence)
2489  . Fixed bug #75370 (Webserver hangs on valid PHP text). (Laruence)
2490  . Fixed bug #75357 (segfault loading WordPress wp-admin). (Laruence)
2491
2492- OpenSSL:
2493  . Use TLS_ANY for default ssl:// and tls:// negotiation. (kelunik)
2494  . Fix leak in openssl_spki_new(). (jelle at vdwaa dot nl)
2495  . Added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify().
2496    (jelle at vdwaa dot nl)
2497  . Add ssl security_level stream option to support OpenSSL security levels.
2498    (Jakub Zelenka).
2499  . Allow setting SNI cert and private key in separate files. (Jakub Zelenka)
2500  . Fixed bug #74903 (openssl_pkcs7_encrypt() uses different EOL than before).
2501    (Anatol)
2502  . Automatically load OpenSSL configuration file. (Jakub Zelenka)
2503
2504- PCRE:
2505  . Added support for PCRE JIT fast path API. (dmitry)
2506  . Fixed bug #61780 (Inconsistent PCRE captures in match results). (cmb)
2507  . Fixed bug #74873 (Minor BC break: PCRE_JIT changes output of preg_match()).
2508    (Dmitry)
2509  . Fixed bug #75089 (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after
2510    first input string). (Dmitry)
2511  . Fixed bug #75223 (PCRE JIT broken in 7.2). (Dmitry)
2512  . Fixed bug #75285 (Broken build when system libpcre don't have jit support).
2513    (Remi)
2514
2515- phar:
2516  . Fixed bug #74196 (phar does not correctly handle names containing dots).
2517    (mhagstrand)
2518
2519- PDO:
2520  . Add "Sent SQL" to debug dump for emulated prepares. (Adam Baratz)
2521  . Add parameter types for national character set strings. (Adam Baratz)
2522
2523- PDO_DBlib:
2524  . Fixed bug #73234 (Emulated statements let value dictate parameter type).
2525    (Adam Baratz)
2526  . Fixed bug #73396 (bigint columns are returned as strings). (Adam Baratz)
2527  . Expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO
2528    instance. (Adam Baratz)
2529  . Add test coverage for bug #72969. (Jeff Farr)
2530
2531- PDO_OCI:
2532  . Fixed Bug #74537 (Align --with-pdo-oci configure option with --with-oci8 syntax).
2533    (Tianfang Yang)
2534
2535- PDO_Sqlite
2536  . Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)
2537
2538- PHPDBG
2539  . Added extended_value to opcode dump output. (Sara)
2540
2541- Session:
2542  . Fixed bug #73461 (Prohibit session save handler recursion). (Yasuo)
2543  . PR #2233 Removed register_globals related code and "!" can be used as $_SESSION key name. (Yasuo)
2544  . Improved bug #73100 fix. 'user' save handler can only be set by session_set_save_handler()
2545  . Fixed bug #74514 (5 session functions incorrectly warn when calling in
2546    read-only/getter mode). (Yasuo)
2547  . Fixed bug #74936 (session_cache_expire/cache_limiter/save_path() trigger a
2548    warning in read mode). (morozov)
2549  . Fixed bug #74941 (session fails to start after having headers sent).
2550    (morozov)
2551
2552- Sodium:
2553  . New cryptographic extension
2554  . Added missing bindings for libsodium > 1.0.13. (Frank)
2555
2556- SPL:
2557  . Fixed bug #71412 (Incorrect arginfo for ArrayIterator::__construct).
2558    (tysonandre775 at hotmail dot com)
2559  . Added spl_object_id(). (Tyson Andre)
2560
2561- SQLite3:
2562  . Implement writing to blobs. (bohwaz at github dot com)
2563  . Update to Sqlite 3.20.1. (cmb)
2564
2565- Standard:
2566  . Fixed bug #69442 (closing of fd incorrect when PTS enabled). (jaytaph)
2567  . Fixed bug #74300 (unserialize accepts two plus/minus signs for float number exponent part).
2568    (xKerman)
2569  . Compatibility with libargon2 versions 20161029 and 20160821.
2570    (charlesportwoodii at erianna dot com)
2571  . Fixed Bug #74737 (mysqli_get_client_info reflection info).
2572    (mhagstrand at gmail dot com)
2573  . Add support for extension name as argument to dl().
2574    (francois at tekwire dot net)
2575  . Fixed bug #74851 (uniqid() without more_entropy performs badly).
2576    (Emmanuel Dreyfus)
2577  . Fixed bug #74103 (heap-use-after-free when unserializing invalid array
2578    size). (Nikita)
2579  . Fixed bug #75054 (A Denial of Service Vulnerability was found when
2580    performing deserialization). (Nikita)
2581  . Fixed bug #75170 (mt_rand() bias on 64-bit machines). (Nikita)
2582  . Fixed bug #75221 (Argon2i always throws NUL at the end). (cmb)
2583
2584- Streams:
2585  . Default ssl/single_dh_use and ssl/honor_cipher_order to true. (kelunik)
2586
2587- XML:
2588  . Moved utf8_encode() and utf8_decode() to the Standard extension. (Andrea)
2589
2590- XMLRPC:
2591  . Use Zend MM for allocation in bundled libxmlrpc (Joe)
2592
2593- ZIP:
2594  . Add support for encrypted archives. (Remi)
2595  . Use of bundled libzip is deprecated, --with-libzip option is recommended. (Remi)
2596  . Fixed Bug #73803 (Reflection of ZipArchive does not show public properties). (Remi)
2597  . ZipArchive implements countable, added ZipArchive::count() method. (Remi)
2598  . Fix segfault in php_stream_context_get_option call. (Remi)
2599  . Fixed bug #75143 (new method setEncryptionName() seems not to exist
2600    in ZipArchive). (Anatol)
2601
2602- zlib:
2603  . Expose inflate_get_status() and inflate_get_read_len() functions.
2604    (Matthew Trescott)
2605