August 30, 2023

ZendPHP 7.2.x, 7.3.x, 7.4.x, 8.0.x, 8.1.x, and 8.2.x:

  • Added support for IBM i 7.5

August 14, 2023

ZendPHP 8.2.9

  • Build:
    • Fixed bug GH-11522 (PHP version check fails with '-' separator). 
 
  • CLI:
    • Fix interrupted CLI output causing the process to exit.
 
  • Core:
    • Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). 
    • Fixed line number of JMP instruction over else block.
    • Fixed use-of-uninitialized-value with ??= on assert.
    • Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).
    • Fixed build for FreeBSD before the 11.0 releases.
 
  • Curl:
    • Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.
 
  • Date:
    • Fixed bug GH-11368 (Date modify returns invalid datetime).
    • Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters).
 
  • DOM:
    • Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping 
    • <></> depending on libxml2 version).
 
  • Fileinfo:
    • Fixed bug GH-11298 (finfo returns wrong mime type for xz files).
 
  • FTP:
    • Fix context option check for "overwrite".
    • Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget).
 
  • GD:
    • Fix most of the external libgd test failures.
 
  • Intl:
    • Fix memory leak in MessageFormatter::format() on failure.
 
  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
 
  • MBString:
    • Fix GH-11300 (license issue: restricted unicode license headers)
 
  • Opcache:
    • Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault)
    • Prevent potential deadlock if accelerated globals cannot be allocated.
 
  • PCNTL:
    • Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
 
  • PDO:
    • Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).
 
  • PDO SQLite:
    • Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
 
  • Phar:
    • Add missing check on EVP_VerifyUpdate() in phar util.
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
 
  • PHPDBG:
    • Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option).
 
  • Session:
    • Removed broken url support for transferring session ID.
 
  • Standard:
    • Fix serialization of RC1 objects appearing in object graph twice.
 
  • Streams:
    • Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself).
 
  • SQLite3:
    • Fix replaced error handling in SQLite3Stmt::__construct.
 
  • XMLReader:
    • Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active).
 

ZendPHP 8.1.22

  • Build:
    • Fixed bug GH-11522 (PHP version check fails with '-' separator).
 
  • CLI:
    • Fix interrupted CLI output causing the process to exit.
 
  • Core:
    • Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
    • Fixed use-of-uninitialized-value with ??= on assert.
    • Fixed build for FreeBSD before the 11.0 releases.
 
  • Curl:
    • Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.
 
  • Date:
    • Fixed bug GH-11368 (Date modify returns invalid datetime).
 
  • DOM:
    • Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version).
 
  • Fileinfo:
    • Fixed bug GH-11298 (finfo returns wrong mime type for xz files).
 
  • FTP:
    • Fix context option check for "overwrite". (JonasQuinten)
    • Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget).
 
  • GD:
    • Fix most of the external libgd test failures.
 
  • Hash:
    • Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.
 
  • Intl:
    • Fix memory leak in MessageFormatter::format() on failure.
 
  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) 
 
  • MBString:
    • Fix GH-11300 (license issue: restricted unicode license headers).
 
  • Opcache:
    • Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault).
    • Prevent potential deadlock if accelerated globals cannot be allocated.
 
  • PCNTL:
    • Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
 
  • PCRE:
    • Mangle PCRE regex cache key with JIT option.
 
  • PDO:
    • Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
    filled).
  • PDO SQLite:
    • Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
    (KapitanOczywisty, CViniciusSDias)
  • Phar:
    • Add missing check on EVP_VerifyUpdate() in phar util.
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
 
  • PHPDBG:
    • Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). 
 
  • Session:
    • Removed broken url support for transferring session ID. 
 
  • Standard:
    • Fix serialization of RC1 objects appearing in object graph twice.
 
  • SQLite3:
    • Fix replaced error handling in SQLite3Stmt::__construct.

 

ZendPHP 8.0.30

  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) 
 
  • Phar:
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) 
 

ZendPHP 7.4.33.4

  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) 
 
  • Phar:
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)

ZendPHP 7.3.33.9

  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) 
 
  • Phar:
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) 
 

ZendPHP 7.2.34.17

  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) 
 
  • Phar:
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)