Skip to main content

Secondary Navigation

  • PHP Security Center
  • Blog
  • Store
  • Downloads
    • Downloads
    • Plugins
    • MyZend Account
  • Company
    • About Zend by Perforce
    • Careers at Perforce
    • Customers
    • Partners
    • Press
  • Contact
    • Contact Us
    • Request Pricing
    • Request Support
    • Subscribe
Home
Zend

Main Navigation - Mega Menu

  • Products

    Main Navigation - Mega Menu

    • ZendPHP
      PHP Runtime and Support
    • PHP LTS
      Patches for EOL PHP
    • ZendHQ
      Must-Have Extension for ZendPHP
    • Zend Server
      PHP Application Server
  • Services

    Main Navigation - Mega Menu

    • Service Overview
    • Migration Services
    • Audits
    • Custom Consulting
    • Admin as a Service
    • Zend Black Belt Services

    Services

    Innovate faster and cut risk with PHP experts from Zend Services.

    Explore Services

  • Solutions

    Main Navigation - Mega Menu

    • PHP Cloud Solutions
    • PHP Container Solutions
    • PHP Security Solutions
    • Windows Solutions
    • Hosting Provider Solutions

    Zend Solutions Cloud

    See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP

    Read More

  • Training

    Main Navigation - Mega Menu

    • Training Overview
    • Zend PHP Certification

    Training

    Learn PHP from PHP experts with free, on-demand, and instructor led courses.

    Explore Training

  • Resources

    Main Navigation - Mega Menu

    • Explore Resources
    • Events & Webinars
    • Papers & Videos
    • Recorded Webinars
    • Blog
    Cloud Orchestration

    Orchestrating Your PHP Applications

    Watch Now
  • Support

    Main Navigation - Mega Menu

    • Explore Support
    • PHP Long-Term Support
    • Knowledgebase
    • Documentation
    • Download Software
    • Download Plugins
    • Request Support

    Support

    Submit support requests and browse self-service resources.

    Explore Support

  • Try Free
  • PHP Security Center
  • Blog
  • Store
  • Downloads

    Main Navigation - Mega Menu

    • Downloads
    • Plugins
    • MyZend Account
    • Downloads
    • Plugins
    • MyZend Account
  • Company

    Main Navigation - Mega Menu

    • About Zend by Perforce
    • Careers at Perforce
    • Customers
    • Partners
    • About Zend by Perforce
    • Careers at Perforce
    • Customers
    • Partners
  • Contact

    Main Navigation - Mega Menu

    • Contact Us
    • Request Support
    • Subscribe

ZendPHP Release Notes

Get RSS Updates (.xml)

May 2025 Releases

May 2025

Community Changes

PHP Version 8.4.7 Changes

  • Core

    • Fixed bug GH-18038: Lazy proxy calls magic methods twice.
    • Fixed bug GH-18209: Use-after-free in extract() with EXTR_REFS.
    • Fixed bug GH-18268: Segfault in array_walk() on object with added property hooks
Read More

April 2025 Releases

April 2025

Community changes

PHP version 8.4.6 changes

  • BCMath

    • Fixed pointer subtraction for scale.
  • Core

    • Fixed property hook backing value access in multi-level inheritance.
    • Fixed accidentally inherited default value in overridden virtual properties.
    • Fixed bug
Read More

March 2025 LTS Releases

March 2025

Backported CVE Fixes for ZendPHP 8.0.30.6, 7.4.33.10, 7.3.33.16, and 7.2.34.24

  • LibXML

    • Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714).
    • Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong content-type header when requesting a redirected resource).
Read More

March 2025 Releases

March 2025

Community CVE Fixes

PHP version 8.4.5, 8.3.19 CVE fixes

  • Core

    • Fixed GHSA-rwp7-7vc6-8477: Reference counting in php_request_shutdown causes Use-After-Free. (CVE-2024-11235)
  • LibXML

    • Fixed GHSA-p3x9-6h7p-cgfc: libxml streams use wrong content-type heade
Read More

February 2025 Releases

February 2025

Community changes

PHP version 8.4.4 changes

  • Core

    • Fixed bug GH-17234: Numeric parent hook call fails with assertion
    • Fixed bug GH-16892: ini_parse_quantity() fails to parse inputs starting with 0x0b
    • Fixed bug GH-16886: ini_parse_quantity() fails to emit
Read More

January 2025 Releases

January 2025

Community changes

PHP version 8.4.3 changes

  • BcMath

    • Fixed bug GH-17049: Correctly compare 0 and -0
    • Fixed bug GH-17061: Number::round() does not remove trailing zeros
    • Fixed bug GH-17064: Correctly round rounding mode with zero edge case
    • Fixed bug GH
Read More

December 2024 Releases

December 2024

Community changes

PHP version 8.4.2 changes

  • BcMath

    • Fixed bug GH-16978: Avoid unnecessary padding with leading zeros
  • COM

    • Fixed bug GH-16991: Getting typeinfo of non DISPATCH variant segfaults
  • Core

    • Fixed bug GH-16344: setRawValueWithoutLazyInitia
Read More

November 2024 Releases

November 2024

ZendPHP Changes

PHP version 8.4.1

Community dropped some extensions from the PHP main sources, extensions are now built from PECL sources, therefore the packaging changes on Linux and IBM i:

  • oci8
    • have different packaging names for RPM based releases
Read More

October 2024 Releases

October 2024

Community Fixes

PHP version 8.3.13 fixes

  • Calendar

    • Fixed GH-16240: jdtounix overflow on argument value.
    • Fixed GH-16241: easter_days/easter_date overflow on year argument.
    • Fixed GH-16263: jddayofweek overflow.
    • Fixed GH-16234: jewishtojd overflow.
  • CLI

Read More

September 2024 Releases

September 2024

ZendPHP Changes

  • Support ended for IBM i = V7R2
    • PHP is now built with OpenSSL v3. OpenSSL 3 is available from IBM i v7r3 OpenSource base rpm repositories.
    • NOTE FOR USERS ON IBM i : due to packaging issues by IBM, postgresql12-libpq package upgrade may not complete properly (missing symbolic links for libraries) and causes PHP postgreql extensions to not load. Fix: yum reinstall postgresql12-libpq

Community CVE Fixes

PHP version 8.3.12, 8.2.24, 8.1.30 CVE fixes

  • CGI

    • Fixed bug GHSA-p99j-rfp4-xqvq: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. (CVE-2024-8926)
    • Fixed bug GHSA-94p6-54jq-9mwp: cgi.force_redirect configuration is bypassable due to the environment variable collision. (CVE-2024-8927)
  • FPM

    • Fixed bug GHSA-865w-9rf3-2wh5: Logs from childrens may be altered. (CVE-2024-9026)
  • SAPI

    • Fixed bug GHSA-9pqp-7h25-4f32: Erroneous parsing of multipart form data. (CVE-2024-8925)

Backported PHP CVE Fixes

PHP version 7.2.34.20, 7.3.33.12, 7.4.33.7, 8.0.30.3 CVE fixes

  • CGI

    • Fixed bug GHSA-p99j-rfp4-xqvq: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. (CVE-2024-8926)
    • Fixed bug GHSA-94p6-54jq-9mwp: cgi.force_redirect configuration is bypassable due to the environment variable collision. (CVE-2024-8927)
  • SAPI

    • Fixed bug GHSA-9pqp-7h25-4f32: Erroneous parsing of multipart form data. (CVE-2024-8925)

PHP version 7.4.33.7, 8.0.30.3 CVE fixes

  • FPM
    • Fixed bug GHSA-865w-9rf3-2wh5: Logs from childrens may be altered. (CVE-2024-9026)

Community Fixes

PHP version 8.3.12 fixes

  • Core

    • Fixed bug GH-15408: MSan false-positve on zend_max_execution_timer.
    • Fixed bug GH-15515: Configure error grep illegal option q.
    • Fixed bug GH-15514: Configure error: genif.sh: syntax error.
    • Fixed bug GH-15565: --disable-ipv6 during compilation produces error EAI_SYSTEM not found.
    • Fixed bug GH-15587: CRC32 API build error on arm 32-bit.
    • Fixed bug GH-15330: Do not scan generator frames more than once.
    • Fixed uninitialized lineno in constant AST of internal enums.
  • Curl

    • FIxed bug GH-15547: curl_multi_select overflow on timeout argument.
  • DOM

    • Fixed bug GH-15551: Segmentation fault (access null pointer) in ext/dom/xml_common.h.
    • Fixed bug GH-15654: Signed integer overflow in ext/dom/nodelist.c.
  • Fileinfo

    • Fixed bug GH-15752: Incorrect error message for finfo_file with an empty filename argument.
  • MySQLnd

    • Fixed bug GH-15432: Heap corruption when querying a vector.
  • Opcache

    • Fixed bug GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c.
    • Fixed bug GH-15658: Segmentation fault in Zend/zend_vm_execute.h.
  • Standard

    • Fixed bug GH-15552: Signed integer overflow in ext/standard/scanf.c.
  • Streams

    • Fixed bug GH-15628: php_stream_memory_get_buffer() not zero-terminated.

PHP version 8.2.24 fixes

  • Core

    • Fixed bug GH-15408: MSan false-positve on zend_max_execution_timer.
    • Fixed bug GH-15515: Configure error grep illegal option q.
    • Fixed bug GH-15514: Configure error: genif.sh: syntax error.
    • Fixed bug GH-15565: --disable-ipv6 during compilation produces error EAI_SYSTEM not found.
    • Fixed bug GH-15587: CRC32 API build error on arm 32-bit.
    • Fixed bug GH-15330: Do not scan generator frames more than once.
    • Fixed uninitialized lineno in constant AST of internal enums.
  • Curl

    • FIxed bug GH-15547: curl_multi_select overflow on timeout argument.
  • DOM

    • Fixed bug GH-15551: Segmentation fault (access null pointer) in ext/dom/xml_common.h.
  • Fileinfo

    • Fixed bug GH-15752: Incorrect error message for finfo_file with an empty filename argument.
  • MySQLnd

    • Fixed bug GH-15432: Heap corruption when querying a vector.
  • Opcache

    • Fixed bug GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c.
    • Fixed bug GH-15658: Segmentation fault in Zend/zend_vm_execute.h.
  • SOAP

    • Fixed bug #73182: PHP SOAPClient does not support stream context HTTP headers in array form.
  • Standard

    • Fixed bug GH-15552: Signed integer overflow in ext/standard/scanf.c.
  • Streams

    • Fixed bug GH-15628: php_stream_memory_get_buffer() not zero-terminated.
Read More

Pagination

  • Current page 1
  • Page 2
  • Page 3
  • Next pageNext ›

Footer menu

  • Products
    • ZendPHP
    • PHP Long-Term Support
    • ZendHQ
    • Zend Server
    • Laminas Enterprise Support
    • PHP Development Tools
  • Services
    • PHP Long-Term Support
    • Migration Services
    • Audits
    • CI/CD Services
    • Custom Consulting
    • Admin as a Service
  • Free Trials and Demos
    • ZendPHP Trial
    • Zend Server Trial
    • ZendHQ Demo
  • Training
  • Resources
    • PHP Security Center
    • Papers & Videos
    • Events & Webinars
    • Recorded Webinars
    • Blog
    • Case Studies
  • Hubs
    • PHP Versions Guide
    • Developing Web Apps With PHP
    • Guide to PHP and IBM i
    • PHP Security
  • Store
  • Downloads
    • MyZend Account
    • Plugins
    • Container Registry
  • Support
    • PHP Long-term Support
    • Knowledgebase
    • Documentation
    • Software End of Life Policy
  • Contact
    • Request Pricing
    • Request Support
    • Subscribe
  • Company
    • About Zend by Perforce
    • Careers at Perforce
    • Customers
    • Partners
    • Press
Home

Zend by Perforce © Perforce Software, Inc.
Terms of Use  |  Privacy Policy | Sitemap

Social Menu

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube
  • RSS
Send Feedback