ZendPHP January 2026 Releases

Community Changes

PHP Version PHP ZendPHP 8.5.2 Changes

  • Core

    • Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument). (ilutov)
    • Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()). (ndossche)
    • Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
    • Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation). (ndossche)
    • Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings). (Bob)

  • DOM

    • Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects). (ndossche)
    • Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()). (ndossche)

  • EXIF

    • Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size 2). (Oblivionsage)

  • Intl

    • Fix leak in umsg_format_helper(). (ndossche)

  • LDAP

    • Fix memory leak in ldap_set_options(). (ndossche)

  • Lexbor

    • Fixed bug GH-20668 (\Uri\WhatWg\Url::withHost() crashes (SEGV) for URLs using the file: scheme). (lexborisov)

  • Mbstring

    • Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator). (Yuya Hamada)

  • OpenSSL

    • Fixed bug GH-20802 (undefined behavior with invalid SNI_server_certs options). (David Carlier)

  • PCNTL

    • Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling. (David Carlier)

  • Phar

    • Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails). (ndossche)
    • Fix SplFileInfo::openFile() in write mode. (ndossche)
    • Fix build on legacy OpenSSL 1.1.0 systems. (Giovanni Giacobbi)
    • Fixed bug #74154 (Phar extractTo creates empty files). (ndossche)

  • Session

    • Fix support for MM module. (Michael Orlitzky)

  • Sqlite3

    • Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned). (ndossche, plusminmax)

  • Standard

    • Fix error check for proc_open() command. (ndossche)
    • Fix memory leak in mail() when header key is numeric. (Girgias)
    • Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). (ndossche)

  • URI

    • Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns empty string). (ndossche)

  • Zlib

    • Fix OOB gzseek() causing assertion failure. (ndossche)

PHP Version PHP ZendPHP 8.4.17 Changes

  • Core

    • Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument). (ilutov)
    • Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()). (ndossche)
    • Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
    • Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation). (ndossche)

  • Bz2

    • Fixed bug GH-20620 (bzcompress overflow on large source size). (David Carlier)

  • DOM

    • Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects). (ndossche)
    • Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()). (ndossche)

  • GD

    • Fixed bug GH-20622 (imagestring/imagestringup overflow). (David Carlier)

  • Intl

    • Fix leak in umsg_format_helper(). (ndossche)

  • LDAP

    • Fix memory leak in ldap_set_options(). (ndossche)

  • Mbstring

    • Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator). (Yuya Hamada)

  • OpenSSL

    • Fixed bug GH-20802 (undefined behavior with invalid SNI_server_certs options). (David Carlier)

  • PCNTL

    • Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling. (David Carlier)

  • Phar

    • Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails). (ndossche)
    • Fix SplFileInfo::openFile() in write mode. (ndossche)
    • Fix build on legacy OpenSSL 1.1.0 systems. (Giovanni Giacobbi)
    • Fixed bug #74154 (Phar extractTo creates empty files). (ndossche)

  • POSIX

    • Fixed crash on posix groups to php array creation on macos. (David Carlier)

  • SPL

    • Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()). (David Carlier)

  • Sqlite3

    • Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned). (ndossche, plusminmax)

  • Standard

    • Fix error check for proc_open() command. (ndossche)
    • Fix memory leak in mail() when header key is numeric. (Girgias)
    • Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). (ndossche)

  • Zlib

    • Fix OOB gzseek() causing assertion failure. (ndossche)

PHP Version PHP ZendPHP 8.3.30 Changes

  • Core

    • Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument). (ilutov)
    • Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()). (ndossche)
    • Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
    • Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation). (ndossche)

  • Bz2

    • Fixed bug GH-20620 (bzcompress overflow on large source size). (David Carlier)

  • DOM

    • Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects). (ndossche)

  • GD

    • Fixed bug GH-20622 (imagestring/imagestringup overflow). (David Carlier)

  • Intl

    • Fix leak in umsg_format_helper(). (ndossche)

  • LDAP

    • Fix memory leak in ldap_set_options(). (ndossche)

  • Mbstring

    • Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator). (Yuya Hamada)

  • Phar

    • Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails). (ndossche)
    • Fix SplFileInfo::openFile() in write mode. (ndossche)
    • Fix build on legacy OpenSSL 1.1.0 systems. (Giovanni Giacobbi)

  • POSIX

    • Fixed crash on posix groups to php array creation on macos. (David Carlier)

  • SPL

    • Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()). (David Carlier)

  • Sqlite3

    • Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned). (ndossche, plusminmax)

  • Standard

    • Fix error check for proc_open() command. (ndossche)
    • Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). (ndossche)

  • Zlib

    • Fix OOB gzseek() causing assertion failure. (ndossche)

ZendHQ 1.7.5 Changes

  • Added copy or export to file option for Jobqueue Job history item