April 2024ZendPHP Changes for 8.3.6, 8.2.18, 8.1.28, 8.0.30.1, 7.4.33.5, 7.3.33.10, 7.2.34.18IBM i PHP error log is stored as /www/zendphp/logs/php_errors.log by default for new installationsWindows build:OpenSSL v3.2.1Fixed PostrgreSQL drivers build. v.16.2Fixed MSI, added missing MSVC dependency library for imagick extensionZendPHP Changes for 8.3.6, 8.2.18, 8.1.28Debian and Ubuntu packages Fix php-fpm configuration file pathCommunity Fixes for 8.3.6Core:Fixed GH-13569: GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps.Fixed bug GH-13612: Corrupted memory in destructor with weak references.Fixed bug GH-13446: Restore exception handler after it finishes.Fixed bug GH-13784: AX_GCC_FUNC_ATTRIBUTE failure.Fixed bug GH-13670: GC does not scale well with a lot of objects created in destructor.DOM:Add some missing ZPP checks.Fix potential memory leak in XPath evaluation results.FPM:Fixed GH-11086: FPM: config test runs twice in daemonised mode.Fix incorrect check in fpm_shm_free().GD:Fixed bug GH-12019: add GDLIB_CFLAGS in feature tests.Gettext:Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.MySQLnd:Fix GH-13452: Fixed handshake response [mysqlnd].Fix incorrect charset length in check_mb_eucjpms().Opcache:Fixed GH-13508: JITed QM_ASSIGN may be optimized out when op1 is null.Fixed GH-13712: Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded.Random:Fixed bug GH-13544: Pre-PHP 8.2 compatibility for mt_srand with unknown modes.Fixed bug GH-13690: Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used.Session:Fixed bug GH-13680: Segfault with session_decode and compilation error.SPL:Fixed bug GH-13685: Unexpected null pointer in zend_string.h.Standard:Fixed bug GH-11808: Live filesystem modified by tests.Fixed GH-13402: Added validation of \n in $additional_headers of mail().Fixed bug GH-13203: file_put_contents fail on strings over 4GB on Windows.Fix bug GH-13932: Attempt to fix mbstring on windows build (msvc).Community Fixes for 8.2.18Core:Fixed bug GH-13612: Corrupted memory in destructor with weak references.Fixed bug GH-13784: AX_GCC_FUNC_ATTRIBUTE failure.Fixed bug GH-13670: GC does not scale well with a lot of objects created in destructor.DOM:Add some missing ZPP checks.Fix potential memory leak in XPath evaluation results.Fix phpdoc for DOMDocument load methods.FPMFixed incorrect check in fpm_shm_free().GD:Fixed bug GH-12019: add GDLIB_CFLAGS in feature tests.Gettext:Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.MySQLnd:Fix GH-13452: Fixed handshake response [mysqlnd].Fix incorrect charset length in check_mb_eucjpms().Opcache:Fixed GH-13508: JITed QM_ASSIGN may be optimized out when op1 is null.Fixed GH-13712: Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded.PDO:Fix various PDORow bugs.Random:Fixed bug GH-13544: Pre-PHP 8.2 compatibility for mt_srand with unknown modes.Fixed bug GH-13690: Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used.Session:Fixed bug GH-13680: Segfault with session_decode and compilation error.Sockets:Fixed bug GH-13604: socket_getsockname returns random characters in the end of the socket name.SPL:Fixed bug GH-13531: Unable to resize SplfixedArray after being unserialized in PHP 8.2.15.Fixed bug GH-13685: Unexpected null pointer in zend_string.h.Standard:Fixed bug GH-11808: Live filesystem modified by tests.Fixed GH-13402: Added validation of \n in $additional_headers of mail().Fixed bug GH-13203: file_put_contents fail on strings over 4GB on Windows.XML:Fixed bug GH-13517: Multiple test failures when building with --with-expat.Community CVE Fixes for 8.3.6, 8.2.18, 8.1.28Standard: Fixed bug GHSA-pc52-254m-w9w7: Command injection via array-ish $command parameter of proc_open. (CVE-2024-1874)Fixed bug GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. (CVE-2024-2756)Fixed bug GHSA-h746-cjrr-wfmr: password_verify can erroneously return true, opening ATO risk. (CVE-2024-3096)Community CVE Fixes for 8.3.6Fixed bug GHSA-fjp9-9hwx-59fq: mb_encode_mimeheader runs endlessly for some inputs. (CVE-2024-2757)Backported CVE Fixes for 7.2.34.18, 7.3.33.10, 7.4.33.5, 8.0.30.1Standard: Fixed bug GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. (CVE-2024-2756)Fix bug GHSA-h746-cjrr-wfmr: password_verify can erroneously return true, opening ATO risk. (CVE-2024-3096)Backported CVE Fixes for 7.4.33.5, 8.0.30.1Standard: Fixed bug GHSA-pc52-254m-w9w7: Command injection via array-ish $command parameter of proc_open. (CVE-2024-1874)