ZendPHP July 2025 Releases
Community Changes
PHP Version 8.4.10 Changes
-
BcMath
- Fixed bug GH-18641: Accessing a
BcMath\Number
property by ref crashes.
- Fixed bug GH-18641: Accessing a
-
Core
- Fixed bugs GH-17711 and GH-18022: Infinite recursion on deprecated attribute evaluation
- Fixed GH-18464: Recursion protection for deprecation constants not released on bailout.
- Fixed GH-18695:
zend_ast_export()
- float number is not preserved. - Fix handling of references in
zval_try_get_long()
. - Do not delete main chunk in
zend_gc
. - Fix compile issues with
zend_alloc
and some non-default options.
-
Curl
- Fix memory leak when setting a list via
curl_setopt
fails.
- Fix memory leak when setting a list via
-
Date
- Fix leaks with multiple calls to
DatePeriod
iteratorcurrent()
.
- Fix leaks with multiple calls to
-
DOM
- Fixed bug GH-18744:
classList
works not correctly if copyHTMLElement
by clone keyword.
- Fixed bug GH-18744:
-
FPM
- Fixed GH-18662:
fpm_get_status
segfault.
- Fixed GH-18662:
-
Hash:
- Fixed bug GH-14551: PGO build fails with
xxhash
.
- Fixed bug GH-14551: PGO build fails with
-
Intl
- Fix memory leak in
intl_datetime_decompose()
on failure. - Fix memory leak in locale lookup on failure.
- Fix memory leak in
-
ODBC
- Fix memory leak on
php_odbc_fetch_hash()
failure.
- Fix memory leak on
-
Opcache
- Fixed bug GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22.
-
OpenSSL
- Fix memory leak of X509_STORE in
php_openssl_setup_verify()
on failure. - Fixed bug #74796: Requests through http proxy set peer name.
- Fix memory leak of X509_STORE in
-
PDO ODBC
- Fix memory leak if
WideCharToMultiByte()
fails.
- Fix memory leak if
-
PDO Sqlite
- Fixed memory leak with
Pdo_Sqlite::createCollation
when the callback has an incorrect return type.
- Fixed memory leak with
-
PGSQL
- Fix warning not being emitted when failure to cancel a query with
pg_cancel_query()
. - Fixed CVE-2025-1735: pgsql extension failed to check for errors during escaping.
- Fix warning not being emitted when failure to cancel a query with
-
Phar
- Add missing filter cleanups on phar failure.
- Fixed bug GH-18642: Signed integer overflow in ext/phar
fseek
.
-
PHPDBG
- Fix 'phpdbg --help' segfault on shutdown with
USE_ZEND_ALLOC=0
.
- Fix 'phpdbg --help' segfault on shutdown with
-
Random
- Fix reference type confusion and leak in user random engine.
-
Readline
- Fix memory leak when
calloc()
fails inphp_readline_completion_cb()
.
- Fix memory leak when
-
SimpleXML
- Fixed bug GH-18597: Heap-buffer-overflow in
zend_alloc.c
when assigning string with UTF-8 bytes.
- Fixed bug GH-18597: Heap-buffer-overflow in
-
SOAP
- Fix memory leaks in
php_http.c
whencall_user_function()
fails. - Fixed CVE-2025-6491: NULL pointer dereference in SOAP extension via large XML namespace prefix.
- Fix memory leaks in
-
Standard
- Fixed CVE-2025-1220: Null byte termination in hostnames.
-
Tidy
- Fix memory leak in tidy output handler on error.
- Fix
tidyOptIsReadonly
deprecation, usingtidyOptGetCategory
.
PHP Version 8.3.23 Changes
-
Core
- Fixed GH-18695:
zend_ast_export()
- float number is not preserved. - Do not delete main chunk in
zend_gc
. - Fix compile issues with
zend_alloc
and some non-default options.
- Fixed GH-18695:
-
Curl
- Fix memory leak when setting a list via
curl_setopt
fails.
- Fix memory leak when setting a list via
-
Date
- Fix leaks with multiple calls to
DatePeriod
iteratorcurrent()
.
- Fix leaks with multiple calls to
-
FPM
- Fixed GH-18662:
fpm_get_status
segfault.
- Fixed GH-18662:
-
Hash:
- Fixed bug GH-14551: PGO build fails with
xxhash
.
- Fixed bug GH-14551: PGO build fails with
-
Intl
- Fix memory leak in
intl_datetime_decompose()
on failure. - Fix memory leak in locale lookup on failure.
- Fix memory leak in
-
ODBC
- Fix memory leak on
php_odbc_fetch_hash()
failure.
- Fix memory leak on
-
Opcache
- Fixed bug GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22.
-
OpenSSL
- Fix memory leak of X509_STORE in
php_openssl_setup_verify()
on failure. - Fixed bug #74796: Requests through http proxy set peer name.
- Fix memory leak of X509_STORE in
-
PDO ODBC
- Fix memory leak if
WideCharToMultiByte()
fails.
- Fix memory leak if
-
PGSQL
- Fix warning not being emitted when failure to cancel a query with
pg_cancel_query()
. - Fixed CVE-2025-1735: pgsql extension failed to check for errors during escaping.
- Fix warning not being emitted when failure to cancel a query with
-
Phar
- Add missing filter cleanups on phar failure.
- Fixed bug GH-18642: Signed integer overflow in ext/phar
fseek
.
-
PHPDBG
- Fix 'phpdbg --help' segfault on shutdown with
USE_ZEND_ALLOC=0
.
- Fix 'phpdbg --help' segfault on shutdown with
-
Random
- Fix reference type confusion and leak in user random engine.
-
Readline
- Fix memory leak when
calloc()
fails inphp_readline_completion_cb()
.
- Fix memory leak when
-
SOAP
- Fix memory leaks in
php_http.c
whencall_user_function()
fails. - Fixed CVE-2025-6491: NULL pointer dereference in SOAP extension via large XML namespace prefix.
- Fix memory leaks in
-
Standard
- Fixed CVE-2025-1220: Null byte termination in hostnames.
-
Tidy
- Fix memory leak in tidy output handler on error.
- Fix
tidyOptIsReadonly
deprecation, usingtidyOptGetCategory
.
Backported CVE Fixes for ZendPHP 8.2.29, 8.1.33, 8.0.30.7, 7.4.33.11, 7.3.33.17, and 7.2.34.25
-
PGSQL
- Fixed CVE-2025-1735: pgsql extension failed to check for errors during escaping.
-
SOAP
- Fixed CVE-2025-6491: NULL pointer dereference in SOAP extension via large XML namespace prefix.
-
Standard
- Fixed CVE-2025-1220: Null byte termination in hostnames.