January 2023 Releases

January 26, 2023

ARM Support for ZendPHP and ZendHQ Now Available

ARM support for ZendPHP and ZendHQ is now available for ZendPHP 7.2 and up.

Supported Platforms and PHP Versions

For a complete list of supported platforms and PHP versions, please visit our ZendPHP documentation page.

Docker Images

All Docker images available via our container registry now include additional tags providing ARM variants.

January 18, 2023

Backported Security Fix for PHP 7.4, 7.3, 7.2, and 7.1

Version 7.4.33.1, 7.3.33.5, 7.2.34.13, 7.1.33.17 backported security fix:

• PDO/SQLite:
  • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)

January 10, 2023

Version 8.2.1 Community Fixes

    • Core:
        • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
        • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
        • Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
        • Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
        • Fixed potentially undefined behavior in Windows ftok(3) emulation.
        • Fixed GH-9769 (Misleading error message for unpacking of objects).
    • Apache:
        • Fixed bug GH-9949 (Partial content on incomplete POST request).
    • FPM:
        • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
        • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
        • Fixed bug #80669 (FPM numeric user fails to set groups).
        • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
    • Imap:
        • Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open).
    • MBString:
        • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
    • Opcache:
        • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
    • OpenSSL:
        • Fixed bug GH-9997 (OpenSSL engine clean up segfault).
        • Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
        • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
    • Pcntl:
        • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
    • PDO_Firebird:
        • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
    • PDO/SQLite:
        • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
    • Session:
        • Fixed GH-9932 (session name silently fails with . and [).
    • SPL:
        • Fixed GH-9883 (SplFileObject::__toString() reads next line).
        • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
    • SQLite3:
        • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
    • TSRM:
        • Fixed Windows shmget() wrt. IPC_PRIVATE.

Version 8.1.14 Community Fixes

    • Core:
        • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
        • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
        • Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
        • Fixed potentially undefined behavior in Windows ftok(3) emulation.
    • Date:
        • Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related).
        • Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy).
        • Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()).
        • Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone).
    • FPM:
        • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
        • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
        • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
    • MBString:
        • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
    • Opcache:
        • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
    • OpenSSL:
        • Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
        • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
    • Pcntl:
        • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
    • PDO_Firebird:
        • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
    • PDO/SQLite:
        • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
    • Session:
        • Fixed GH-9932 (session name silently fails with . and [).
    • SPL:
        • Fixed GH-9883 (SplFileObject::__toString() reads next line).
        • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
    • SQLite3:
        • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).

Version 8.0.27 Community Fixes

    • PDO/SQLite:
        • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)