ZendPHP August 2025 Releases

ZendPHP Distribution Changes

  • Debian and Ubuntu packages now depend on the zendphp-utils package, adding zend-sessionclean, and the zendphpenmod/zendphpdismod tools. Those are forked tools from the Debian php-common packages to provide the same functionality for ZendPHP.

Community Changes

PHP Version 8.4.11 Changes

  • Calendar

    • Fixed jewishtojd overflow on year argument.

  • Core

    • Fixed bug GH-18833: Use after free with weakmaps dependent on destruction order.
    • Fixed bug GH-18907: Leak when creating cycle in hook.
    • Fix OSS-Fuzz #427814456.
    • Fix OSS-Fuzz #428983568 and #428760800.

  • Curl

    • Fix memory leaks when returning refcounted value from curl callback.
    • Remove incorrect string release.

  • DOM

    • Fixed bug GH-18979: Dom\XMLDocument::createComment() triggers undefined behavior with null byte.

  • LDAP

    • Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.

  • MbString

    • Fixed bug GH-18901: integer overflow mb_split().

  • Opcache

    • Fixed bug GH-18639: Internal class aliases can break preloading + JIT.
    • Fixed bug GH-18899: JIT function crash when emitting undefined variable warning and opline is not set yet.
    • Fixed bug GH-14082: Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c.
    • Fixed bug GH-18898: SEGV zend_jit_op_array_hot with property hooks and preloading.

  • OpenSSL

    • Fixed bug #80770: It is not possible to get client peer certificate with stream_socket_server().

  • PCNTL

    • Fixed bug GH-18958: Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers.

  • Phar

    • Fix stream double free in phar.
    • Fix phar crash and file corruption with SplFileObject.

  • SOAP

    • Fixed bug GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction.
    • Fix memory leak when URL parsing fails in redirect.

  • SPL

    • Fixed bug GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash.

  • Standard

    • Fix misleading errors in printf().
    • Fix RCN violations in array functions.
    • Fixed GH-18976: pack() overflow with h/H format and INT_MAX repeater value.

  • Streams

    • Fixed GH-13264: fgets() and stream_get_line() do not return false on filter fatal error.

  • Zip

    • Fix leak when path is too long in ZipArchive::extractTo().

PHP Version 8.3.24 Changes

  • Calendar

    • Fixed jewishtojd overflow on year argument.

  • Core

    • Fixed bug GH-18833: Use after free with weakmaps dependent on destruction order.
    • Fix OSS-Fuzz #427814456.
    • Fix OSS-Fuzz #428983568 and #428760800.
    • Fixed bug GH-17204: -Wuseless-escape warnings emitted by re2c.

  • Curl

    • Fix memory leaks when returning refcounted value from curl callback.
    • Remove incorrect string release.

  • Intl

    • Fix memleak on failure in collator_get_sort_key().

  • LDAP

    • Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.

  • MbString

    • Fixed bug GH-18901: integer overflow mb_split().

  • OCI8

    • Fixed bug GH-18873: OCI_RETURN_LOBS flag causes oci8 to leak memory.

  • Opcache

    • Fixed bug GH-18639: Internal class aliases can break preloading + JIT.
    • Fixed bug GH-14082: Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c.

  • OpenSSL

    • Fixed bug #80770: It is not possible to get client peer certificate with stream_socket_server().

  • PCNTL

    • Fixed bug GH-18958: Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers.

  • Phar

    • Fix stream double free in phar.
    • Fix phar crash and file corruption with SplFileObject.

  • SOAP

    • Fixed bug GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction.
    • Fix memory leak when URL parsing fails in redirect.

  • SPL

    • Fixed bug GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash.

  • Standard

    • Fix misleading errors in printf().
    • Fix RCN violations in array functions.
    • Fixed GH-18976: pack() overflow with h/H format and INT_MAX repeater value.

  • Streams

    • Fixed GH-13264: fgets() and stream_get_line() do not return false on filter fatal error.

  • Zip

    • Fix leak when path is too long in ZipArchive::extractTo().