ZendPHP August 2025 Second Releases

Community Changes

PHP Version 8.4.12 Changes

  • Core:

    • Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
    • Fixed bug GH-19053: Duplicate property slot with hooks and interface property.
    • Fixed bug GH-19044: Protected properties are not scoped according to their prototype.
    • Fixed bug GH-18581: Coerce numeric string keys from iterators when argument unpacking.
    • Fixed OSS-Fuzz #434346548: Failed assertion with throwing __toString() in binary const expr.
    • Fixed bug GH-19305: Operands may be being released during comparison.
    • Fixed bug GH-19303: Unpacking empty packed array into uninitialized array causes assertion failure.
    • Fixed bug GH-19306: Generator can be resumed while fetching next value from delegated Generator.
    • Fixed bug GH-19326: Calling Generator::throw() on a running generator with a non-Generator delegate crashes.
    • Fixed bug GH-19280: Stale array iterator position on rehashing.
    • Fixed bug GH-18736: Circumvented type check with return by ref + finally.
    • Fixed bug GH-19065: Long match statement can segfault compiler during recursive SSA renaming.

  • Calendar

    • Fixed bug GH-19371 integer overflow in calendar.c.

  • FTP

    • Fix theoretical issues with hrtime() not being available.

  • GD

    • Fix incorrect comparison with result of php_stream_can_cast().

  • Hash

    • Fix crash on clone failure.

  • Intl

    • Fix memleak on failure in collator_get_sort_key().
    • Fix return value on failure for resourcebundle count handler.

  • LDAP

    • Fixed bug GH-18529: additional inheriting of TLS int options.

  • LibXML

    • Fixed bug GH-19098: libxml 2.13 segmentation fault caused by php_libxml_node_free.

  • MbString

    • Fixed bug GH-19397: mb_list_encodings() can cause crashes on shutdown.

  • Opcache

    • Reset global pointers to prevent use-after-free in zend_jit_status().
    • Fix issue with JIT restart and hooks.
    • Fix crash with dynamic function defs in hooks during preload.

  • OpenSSL

    • Fixed bug GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check.
    • Fix error return check of EVP_CIPHER_CTX_ctrl().
    • Fixed bug GH-19428: openssl_pkey_derive segfaults for DH derive with low key_length param.

  • PDO Pgsql

    • Fixed dangling pointer access on _pdo_pgsql_trim_message helper.

  • SOAP

    • Fixed bug GH-18640: heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref.

  • Sockets

    • Fix some potential crashes on incorrect argument value.

  • Standard

    • Fixed OSS Fuzz #433303828: Leak in failed unserialize() with opcache.
    • Fix theoretical issues with hrtime() not being available.
    • Fixed bug GH-19300: Nested array_multisort invocation with error breaks.

  • Windows

    • Free opened_path when opened_path_len >= MAXPATHLEN.

PHP Version 8.3.25 Changes

  • Core

    • Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
    • Fixed bug GH-18581: Coerce numeric string keys from iterators when argument unpacking.
    • Fixed OSS-Fuzz #434346548: Failed assertion with throwing __toString() in binary const expr.
    • Fixed bug GH-19305: Operands may be being released during comparison.
    • Fixed bug GH-19303: Unpacking empty packed array into uninitialized array causes assertion failure.
    • Fixed bug GH-19306: Generator can be resumed while fetching next value from delegated Generator.
    • Fixed bug GH-19326: Calling Generator::throw() on a running generator with a non-Generator delegate crashes.
    • Fixed bug GH-18736: Circumvented type check with return by ref + finally.
    • Fixed zend call stack size for macOs/arm64.
    • Fixed bug GH-19065: Long match statement can segfault compiler during recursive SSA renaming.

  • Calendar

    • Fixed bug GH-19371 integer overflow in calendar.c.

  • FTP

    • Fix theoretical issues with hrtime() not being available.

  • GD

    • Fix incorrect comparison with result of php_stream_can_cast().

  • Hash

    • Fix crash on clone failure.

  • Intl

    • Fixed GH-19261: msgfmt_parse_message leaks on message creation failure.
    • Fix return value on failure for resourcebundle count handler.

  • LDAP

    • Fixed bug GH-18529: additional inheriting of TLS int options.

  • LibXML

    • Fixed bug GH-19098: libxml 2.13 segmentation fault caused by php_libxml_node_free.

  • MbString

    • Fixed bug GH-19397: mb_list_encodings() can cause crashes on shutdown.

  • Opcache

    • Reset global pointers to prevent use-after-free in zend_jit_status().

  • OpenSSL

    • Fixed bug GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check.
    • Fix error return check of EVP_CIPHER_CTX_ctrl().
    • Fixed bug GH-19428: openssl_pkey_derive segfaults for DH derive with low key_length param.

  • PDO Pgsql

    • Fixed dangling pointer access on _pdo_pgsql_trim_message helper.

  • Readline

    • Fixed bug GH-19250 and bug #51360: Invalid conftest for rl_pending_input.

  • SOAP

    • Fixed bug GH-18640: heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref.

  • Sockets

    • Fix some potential crashes on incorrect argument value.

  • Standard

    • Fixed OSS Fuzz #433303828: Leak in failed unserialize() with opcache.
    • Fix theoretical issues with hrtime() not being available.
    • Fixed bug GH-19300: Nested array_multisort invocation with error breaks.

  • Windows

    • Free opened_path when opened_path_len >= MAXPATHLEN.