August 2023August 30, 2023ZendPHP 7.2.x, 7.3.x, 7.4.x, 8.0.x, 8.1.x, and 8.2.x:Added support for IBM i 7.5August 14, 2023ZendPHP 8.2.9Build:Fixed bug GH-11522 (PHP version check fails with '-' separator). CLI:Fix interrupted CLI output causing the process to exit. Core:Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). Fixed line number of JMP instruction over else block.Fixed use-of-uninitialized-value with ??= on assert.Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).Fixed build for FreeBSD before the 11.0 releases. Curl:Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. Date:Fixed bug GH-11368 (Date modify returns invalid datetime).Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters). DOM:Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version). Fileinfo:Fixed bug GH-11298 (finfo returns wrong mime type for xz files). FTP:Fix context option check for "overwrite".Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). GD:Fix most of the external libgd test failures. Intl:Fix memory leak in MessageFormatter::format() on failure. Libxml:Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) MBString:Fix GH-11300 (license issue: restricted unicode license headers) Opcache:Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault)Prevent potential deadlock if accelerated globals cannot be allocated. PCNTL:Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). PDO:Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). PDO SQLite:Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). Phar:Add missing check on EVP_VerifyUpdate() in phar util.Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) PHPDBG:Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). Session:Removed broken url support for transferring session ID. Standard:Fix serialization of RC1 objects appearing in object graph twice. Streams:Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself). SQLite3:Fix replaced error handling in SQLite3Stmt::__construct. XMLReader:Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active). ZendPHP 8.1.22Build:Fixed bug GH-11522 (PHP version check fails with '-' separator). CLI:Fix interrupted CLI output causing the process to exit. Core:Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).Fixed use-of-uninitialized-value with ??= on assert.Fixed build for FreeBSD before the 11.0 releases. Curl:Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. Date:Fixed bug GH-11368 (Date modify returns invalid datetime). DOM:Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version). Fileinfo:Fixed bug GH-11298 (finfo returns wrong mime type for xz files). FTP:Fix context option check for "overwrite". (JonasQuinten)Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). GD:Fix most of the external libgd test failures. Hash:Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. Intl:Fix memory leak in MessageFormatter::format() on failure. Libxml:Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) MBString:Fix GH-11300 (license issue: restricted unicode license headers). Opcache:Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault).Prevent potential deadlock if accelerated globals cannot be allocated. PCNTL:Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). PCRE:Mangle PCRE regex cache key with JIT option. PDO:Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).PDO SQLite:Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias)Phar:Add missing check on EVP_VerifyUpdate() in phar util.Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) PHPDBG:Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). Session:Removed broken url support for transferring session ID. Standard:Fix serialization of RC1 objects appearing in object graph twice. SQLite3:Fix replaced error handling in SQLite3Stmt::__construct. ZendPHP 8.0.30Libxml:Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar:Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) ZendPHP 7.4.33.4Libxml:Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar:Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)ZendPHP 7.3.33.9Libxml:Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar:Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) ZendPHP 7.2.34.17Libxml:Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar:Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
