ZendPHP August 2025 Releases
ZendPHP Distribution Changes
- Debian and Ubuntu packages now depend on the
zendphp-utils
package, addingzend-sessionclean
, and thezendphpenmod
/zendphpdismod
tools. Those are forked tools from the Debianphp-common
packages to provide the same functionality for ZendPHP.
Community Changes
PHP Version 8.4.11 Changes
-
Calendar
- Fixed jewishtojd overflow on year argument.
-
Core
- Fixed bug GH-18833: Use after free with weakmaps dependent on destruction order.
- Fixed bug GH-18907: Leak when creating cycle in hook.
- Fix OSS-Fuzz #427814456.
- Fix OSS-Fuzz #428983568 and #428760800.
-
Curl
- Fix memory leaks when returning
refcounted
value from curl callback. - Remove incorrect string release.
- Fix memory leaks when returning
-
DOM
- Fixed bug GH-18979:
Dom\XMLDocument::createComment()
triggers undefined behavior with null byte.
- Fixed bug GH-18979:
-
LDAP
- Fixed GH-18902
ldap_exop
/ldap_exop_sync
assert triggered on empty request OID.
- Fixed GH-18902
-
MbString
- Fixed bug GH-18901: integer overflow
mb_split()
.
- Fixed bug GH-18901: integer overflow
-
Opcache
- Fixed bug GH-18639: Internal class aliases can break preloading + JIT.
- Fixed bug GH-18899: JIT function crash when emitting undefined variable warning and opline is not set yet.
- Fixed bug GH-14082: Segmentation fault on unknown address 0x600000000018 in
ext/opcache/jit/zend_jit.c
. - Fixed bug GH-18898: SEGV
zend_jit_op_array_hot
with property hooks and preloading.
-
OpenSSL
- Fixed bug #80770: It is not possible to get client peer certificate with
stream_socket_server()
.
- Fixed bug #80770: It is not possible to get client peer certificate with
-
PCNTL
- Fixed bug GH-18958: Fatal error during shutdown after
pcntl_rfork()
orpcntl_forkx()
withzend-max-execution-timers
.
- Fixed bug GH-18958: Fatal error during shutdown after
-
Phar
- Fix stream double free in phar.
- Fix phar crash and file corruption with
SplFileObject
.
-
SOAP
- Fixed bug GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction.
- Fix memory leak when URL parsing fails in redirect.
-
SPL
- Fixed bug GH-19094: Attaching class with no
Iterator
implementation toMultipleIterator
causes crash.
- Fixed bug GH-19094: Attaching class with no
-
Standard
- Fix misleading errors in
printf()
. - Fix RCN violations in array functions.
- Fixed GH-18976:
pack()
overflow withh
/H
format andINT_MAX
repeater value.
- Fix misleading errors in
-
Streams
- Fixed GH-13264:
fgets()
andstream_get_line()
do not return false on filter fatal error.
- Fixed GH-13264:
-
Zip
- Fix leak when path is too long in
ZipArchive::extractTo()
.
- Fix leak when path is too long in
PHP Version 8.3.24 Changes
-
Calendar
- Fixed jewishtojd overflow on year argument.
-
Core
- Fixed bug GH-18833: Use after free with weakmaps dependent on destruction order.
- Fix OSS-Fuzz #427814456.
- Fix OSS-Fuzz #428983568 and #428760800.
- Fixed bug GH-17204:
-Wuseless-escape
warnings emitted by re2c.
-
Curl
- Fix memory leaks when returning
refcounted
value from curl callback. - Remove incorrect string release.
- Fix memory leaks when returning
-
Intl
- Fix memleak on failure in
collator_get_sort_key()
.
- Fix memleak on failure in
-
LDAP
- Fixed GH-18902
ldap_exop
/ldap_exop_sync
assert triggered on empty request OID.
- Fixed GH-18902
-
MbString
- Fixed bug GH-18901: integer overflow
mb_split()
.
- Fixed bug GH-18901: integer overflow
-
OCI8
- Fixed bug GH-18873:
OCI_RETURN_LOBS
flag causes oci8 to leak memory.
- Fixed bug GH-18873:
-
Opcache
- Fixed bug GH-18639: Internal class aliases can break preloading + JIT.
- Fixed bug GH-14082: Segmentation fault on unknown address 0x600000000018 in
ext/opcache/jit/zend_jit.c
.
-
OpenSSL
- Fixed bug #80770: It is not possible to get client peer certificate with
stream_socket_server()
.
- Fixed bug #80770: It is not possible to get client peer certificate with
-
PCNTL
- Fixed bug GH-18958: Fatal error during shutdown after
pcntl_rfork()
orpcntl_forkx()
withzend-max-execution-timers
.
- Fixed bug GH-18958: Fatal error during shutdown after
-
Phar
- Fix stream double free in phar.
- Fix phar crash and file corruption with
SplFileObject
.
-
SOAP
- Fixed bug GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction.
- Fix memory leak when URL parsing fails in redirect.
-
SPL
- Fixed bug GH-19094: Attaching class with no
Iterator
implementation toMultipleIterator
causes crash.
- Fixed bug GH-19094: Attaching class with no
-
Standard
- Fix misleading errors in
printf()
. - Fix RCN violations in array functions.
- Fixed GH-18976:
pack()
overflow withh
/H
format andINT_MAX
repeater value.
- Fix misleading errors in
-
Streams
- Fixed GH-13264:
fgets()
andstream_get_line()
do not return false on filter fatal error.
- Fixed GH-13264:
-
Zip
- Fix leak when path is too long in
ZipArchive::extractTo()
.
- Fix leak when path is too long in