• Zend Server 2019.1.0

    Changes

    • Default customer web server port on IBM i Apache instance changed from 10080 to 10280 (ZEND-2258)
    • Updated PHP versions to 7.1.33.14, 7.2.34.9, 7.3.33.1
      • PHP CVE fixes after 2019.0.7: CVE-2021-21703, CVE-2021-21704, CVE-2021-21705, CVE-2021-21706, CVE-2021-21707
      • Backported functionality improvement for PHP 7.1: TLSv1.2 functionality for MySql
    • GeoIP library dynamic linking (required due to licensing type)

    Fixes

    • Fix: Removed PHPRC env variable in IBMi fastcgi.conf, now proper php.ini file is being used for active php version (ZEND-1348, ZEND-1486, ZEND-1773, ZEND-2002, ZEND-1773))
    • Fix: Filled Installation_UID placeholder in IBMi fastcgi.conf (ZEND-1182)
    • Fix: ZendMonitor segfault (ZEND-1488)
    • Fix: Buffer overflow fix (ZEND-2046)
    • Fix: HTTPS GUI access on linux, lighttpd is updated to v1.4.64
    • Fix: Broken jqd.ini file caused "Unable to connect to Job Queue server" (ZEND-797, ZEND-1007)
    • Fix: jobqueueAddJob output in JSON format (ZEND-2127)

    Updated extensions

    • xdebug 2.9.8 in all versions (ZEND-1485)
    • ssh2 extension v.1.3.1, libssh2 version to 1.9.0 (ZEND-2071)
    • ibm_db2 2.1.5
    • imagick 3.5.0 (Windows receives 3.7.0)
    • mongodb 1.11.1
    • pdo_ibm 1.4.2
    • redis 5.3.5
    • sqlsrv extension versions 5.9.0 (PHP 7.3), 5.8.1 (PHP 7.2), 5.6.1 (PHP 7.1); Windows installer sets up MS ODBC driver v 17.9
    • IBM i PHP Toolkit 1.9.1 (ZEND-1367)
    • ZendServerSDK to version 1.2.0 (ZEND-1224)
    • Backport Olson timezonedb from latest PHP to LTS PHP versions (ZEND-2287)
    • Apache v2.4.53 in Windows package
    • Oracle Instant Client updated to version 18.5.0.0.0 for all PHP versions on Windows (ZEND-1801)
    • MySql installer for Windows version 5.7.37, MySql server version 5.7.36 (ZEND-2389)

    Added

    • sqlsrv / pdo_sqlsrv extensions for Linux distributions (ZEND-1177)
    • Compile GD extension with WebP support - Linux, IBM i (ZEND-2168)

    Known issues

    • When changing configuration parameter via GUI, sometimes the order of parameters list is shuffled after saving.(ZEND-2190)
    • JobQueue email notifications not working reliably (ZEND-265)
    • GUI Time Not Synced With PHP & Services (ZEND-1206)
    • The export of monitor rules doesn't contain all necessary data (ZEND-2106)
    • ppc64 linux not supported, planned for 2019.2.0

  • Zend Server 9.1.13

    PHP version 7.1.33.13.

    Changes

    • Adds TLS v1.2 support for mysqlnd.

    Backported CVE fixes

    • Fix #79971: special character is breaking the path in xml function CVE-2021-2170729
    • Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation) CVE-2021-2170305
    • Fix #81420: ZipArchive::extractTo extracts outside of destination CVE-2021-2170602
    • Fix #81211: Symlinks are followed when creating PHAR archive
    • Fix #76448: Stack buffer overflow in firebird_info_cb CVE-2021-21704
    • Fix #76449: SIGSEGV in firebird_handle_doer
    • Fix #76450: SIGSEGV in firebird_stmt_execute
    • Fix #76452: Crash while parsing blob data in firebird_fetch_blob
    • Fix #81122: SSRF bypass in FILTER_VALIDATE_URL CVE-2021-2170503
    • Fix #80710: imap_mail_compose() header injection

  • ZendPHP August 2025 Releases

    ZendPHP Distribution Changes

    • Debian and Ubuntu packages now depend on the zendphp-utils package, adding zend-sessionclean, and the zendphpenmod/zendphpdismod tools. Those are forked tools from the Debian php-common packages to provide the same functionality for ZendPHP.

    Community Changes

    PHP Version 8.4.11 Changes

    • Calendar

      • Fixed jewishtojd overflow on year argument.

    • Core

      • Fixed bug GH-18833: Use after free with weakmaps dependent on destruction order.
      • Fixed bug GH-18907: Leak when creating cycle in hook.
      • Fix OSS-Fuzz #427814456.
      • Fix OSS-Fuzz #428983568 and #428760800.

    • Curl

      • Fix memory leaks when returning refcounted value from curl callback.
      • Remove incorrect string release.

    • DOM

      • Fixed bug GH-18979: Dom\XMLDocument::createComment() triggers undefined behavior with null byte.

    • LDAP

      • Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.

    • MbString

      • Fixed bug GH-18901: integer overflow mb_split().

    • Opcache

      • Fixed bug GH-18639: Internal class aliases can break preloading + JIT.
      • Fixed bug GH-18899: JIT function crash when emitting undefined variable warning and opline is not set yet.
      • Fixed bug GH-14082: Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c.
      • Fixed bug GH-18898: SEGV zend_jit_op_array_hot with property hooks and preloading.

    • OpenSSL

      • Fixed bug #80770: It is not possible to get client peer certificate with stream_socket_server().

    • PCNTL

      • Fixed bug GH-18958: Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers.

    • Phar

      • Fix stream double free in phar.
      • Fix phar crash and file corruption with SplFileObject.

    • SOAP

      • Fixed bug GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction.
      • Fix memory leak when URL parsing fails in redirect.

    • SPL

      • Fixed bug GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash.

    • Standard

      • Fix misleading errors in printf().
      • Fix RCN violations in array functions.
      • Fixed GH-18976: pack() overflow with h/H format and INT_MAX repeater value.

    • Streams

      • Fixed GH-13264: fgets() and stream_get_line() do not return false on filter fatal error.

    • Zip

      • Fix leak when path is too long in ZipArchive::extractTo().

    PHP Version 8.3.24 Changes

    • Calendar

      • Fixed jewishtojd overflow on year argument.

    • Core

      • Fixed bug GH-18833: Use after free with weakmaps dependent on destruction order.
      • Fix OSS-Fuzz #427814456.
      • Fix OSS-Fuzz #428983568 and #428760800.
      • Fixed bug GH-17204: -Wuseless-escape warnings emitted by re2c.

    • Curl

      • Fix memory leaks when returning refcounted value from curl callback.
      • Remove incorrect string release.

    • Intl

      • Fix memleak on failure in collator_get_sort_key().

    • LDAP

      • Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.

    • MbString

      • Fixed bug GH-18901: integer overflow mb_split().

    • OCI8

      • Fixed bug GH-18873: OCI_RETURN_LOBS flag causes oci8 to leak memory.

    • Opcache

      • Fixed bug GH-18639: Internal class aliases can break preloading + JIT.
      • Fixed bug GH-14082: Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c.

    • OpenSSL

      • Fixed bug #80770: It is not possible to get client peer certificate with stream_socket_server().

    • PCNTL

      • Fixed bug GH-18958: Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers.

    • Phar

      • Fix stream double free in phar.
      • Fix phar crash and file corruption with SplFileObject.

    • SOAP

      • Fixed bug GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction.
      • Fix memory leak when URL parsing fails in redirect.

    • SPL

      • Fixed bug GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash.

    • Standard

      • Fix misleading errors in printf().
      • Fix RCN violations in array functions.
      • Fixed GH-18976: pack() overflow with h/H format and INT_MAX repeater value.

    • Streams

      • Fixed GH-13264: fgets() and stream_get_line() do not return false on filter fatal error.

    • Zip

      • Fix leak when path is too long in ZipArchive::extractTo().

  • ZendPHP July 2025 Releases

    Community Changes

    PHP Version 8.4.10 Changes

    • BcMath

      • Fixed bug GH-18641: Accessing a BcMath\Number property by ref crashes.

    • Core

      • Fixed bugs GH-17711 and GH-18022: Infinite recursion on deprecated attribute evaluation
      • Fixed GH-18464: Recursion protection for deprecation constants not released on bailout.
      • Fixed GH-18695: zend_ast_export() - float number is not preserved.
      • Fix handling of references in zval_try_get_long().
      • Do not delete main chunk in zend_gc.
      • Fix compile issues with zend_alloc and some non-default options.

    • Curl

      • Fix memory leak when setting a list via curl_setopt fails.

    • Date

      • Fix leaks with multiple calls to DatePeriod iterator current().

    • DOM

      • Fixed bug GH-18744: classList works not correctly if copy HTMLElement by clone keyword.

    • FPM

      • Fixed GH-18662: fpm_get_status segfault.

    • Hash:

      • Fixed bug GH-14551: PGO build fails with xxhash.

    • Intl

      • Fix memory leak in intl_datetime_decompose() on failure.
      • Fix memory leak in locale lookup on failure.

    • ODBC

      • Fix memory leak on php_odbc_fetch_hash() failure.

    • Opcache

      • Fixed bug GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22.

    • OpenSSL

      • Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
      • Fixed bug #74796: Requests through http proxy set peer name.

    • PDO ODBC

      • Fix memory leak if WideCharToMultiByte() fails.

    • PDO Sqlite

      • Fixed memory leak with Pdo_Sqlite::createCollation when the callback has an incorrect return type.

    • PGSQL

      • Fix warning not being emitted when failure to cancel a query with pg_cancel_query().
      • Fixed CVE-2025-1735: pgsql extension failed to check for errors during escaping.

    • Phar

      • Add missing filter cleanups on phar failure.
      • Fixed bug GH-18642: Signed integer overflow in ext/phar fseek.

    • PHPDBG

      • Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0.

    • Random

      • Fix reference type confusion and leak in user random engine.

    • Readline

      • Fix memory leak when calloc() fails in php_readline_completion_cb().

    • SimpleXML

      • Fixed bug GH-18597: Heap-buffer-overflow in zend_alloc.c when assigning string with UTF-8 bytes.

    • SOAP

      • Fix memory leaks in php_http.c when call_user_function() fails.
      • Fixed CVE-2025-6491: NULL pointer dereference in SOAP extension via large XML namespace prefix.

    • Standard

      • Fixed CVE-2025-1220: Null byte termination in hostnames.

    • Tidy

      • Fix memory leak in tidy output handler on error.
      • Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory.

    PHP Version 8.3.23 Changes

    • Core

      • Fixed GH-18695: zend_ast_export() - float number is not preserved.
      • Do not delete main chunk in zend_gc.
      • Fix compile issues with zend_alloc and some non-default options.

    • Curl

      • Fix memory leak when setting a list via curl_setopt fails.

    • Date

      • Fix leaks with multiple calls to DatePeriod iterator current().

    • FPM

      • Fixed GH-18662: fpm_get_status segfault.

    • Hash:

      • Fixed bug GH-14551: PGO build fails with xxhash.

    • Intl

      • Fix memory leak in intl_datetime_decompose() on failure.
      • Fix memory leak in locale lookup on failure.

    • ODBC

      • Fix memory leak on php_odbc_fetch_hash() failure.

    • Opcache

      • Fixed bug GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22.

    • OpenSSL

      • Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
      • Fixed bug #74796: Requests through http proxy set peer name.

    • PDO ODBC

      • Fix memory leak if WideCharToMultiByte() fails.

    • PGSQL

      • Fix warning not being emitted when failure to cancel a query with pg_cancel_query().
      • Fixed CVE-2025-1735: pgsql extension failed to check for errors during escaping.

    • Phar

      • Add missing filter cleanups on phar failure.
      • Fixed bug GH-18642: Signed integer overflow in ext/phar fseek.

    • PHPDBG

      • Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0.

    • Random

      • Fix reference type confusion and leak in user random engine.

    • Readline

      • Fix memory leak when calloc() fails in php_readline_completion_cb().

    • SOAP

      • Fix memory leaks in php_http.c when call_user_function() fails.
      • Fixed CVE-2025-6491: NULL pointer dereference in SOAP extension via large XML namespace prefix.

    • Standard

      • Fixed CVE-2025-1220: Null byte termination in hostnames.

    • Tidy

      • Fix memory leak in tidy output handler on error.
      • Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory.

    Backported CVE Fixes for ZendPHP 8.2.29, 8.1.33, 8.0.30.7, 7.4.33.11, 7.3.33.17, and 7.2.34.25

    • PGSQL

      • Fixed CVE-2025-1735: pgsql extension failed to check for errors during escaping.

    • SOAP

      • Fixed CVE-2025-6491: NULL pointer dereference in SOAP extension via large XML namespace prefix.

    • Standard

      • Fixed CVE-2025-1220: Null byte termination in hostnames.

  • ZendPHP June 2025 Releases

    Community Changes

    PHP Version 8.4.8 Changes

    • Core

      • Fixed GH-18480: array_splice with large values for offset/length arguments.
      • Partially fixed GH-18572: nested object comparisons leading to stack overflow.
      • Fixed OSS-Fuzz #417078295.
      • Fixed OSS-Fuzz #418106144.

    • Curl

      • Fixed GH-18460: curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ CURLOPT_PASSWORD set the Authorization header when set to NULL.

    • Date

      • Fixed bug GH-18076: Since PHP 8, the date_sun_info() function returns inaccurate sunrise and sunset times, but other calculated times are correct
      • Fixed bug GH-18481: date_sunrise with unexpected nan value for the offset.

    • DOM

      • Backport lexbor/lexbor#274.

    • Intl

      • Fix various reference issues.

    • LDAP

      • Fixed bug GH-18529: LDAP no longer respects TLS_CACERT from ldaprc in ldap_start_tls().

    • Opcache

      • Fixed bug GH-18417: Windows SHM reattachment fails when increasing memory_consumption or jit_buffer_size.
      • Fixed bug GH-18297: Exception not handled when jit guard is triggered.
      • Fixed bug GH-18408: Snapshotted poly_func / poly_this may be spilled.
      • Fixed bug GH-18567: Preloading with internal class alias triggers assertion failure.
      • Fixed bug GH-18534: FPM exit code 70 with enabled opcache and hooked properties in traits.
      • Fix leak of accel_globals->key.

    • OpenSSL

      • Fix missing checks against php_set_blocking() in xp_ssl.c.

    • SPL

      • Fixed bug GH-18421: Integer overflow with large numbers in LimitIterator.

    • Standard

      • Fixed bug GH-17403: Potential deadlock when putenv fails.
      • Fixed bug GH-18400: http_build_query type error is inaccurate.
      • Fixed bug GH-18509: Dynamic calls to assert() ignore zend.assertions.

    • Windows

      • Fix leak+crash with sapi_windows_set_ctrl_handler().

    • Zip

      • Fixed bug GH-18431: Registering ZIP progress callback twice doesn't work.
      • Fixed bug GH-18438: Handling of empty data and errors in ZipArchive::addPattern.

    PHP Version 8.3.22 Changes

    • Core

      • Fixed GH-18480: array_splice with large values for offset/length arguments.
      • Partially fixed GH-18572: nested object comparisons leading to stack overflow.
      • Fixed OSS-Fuzz #417078295.
      • Fixed OSS-Fuzz #418106144.

    • Curl

      • Fixed GH-18460: curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ CURLOPT_PASSWORD set the Authorization header when set to NULL.

    • Date

      • Fixed bug GH-18076: Since PHP 8, the date_sun_info() function returns inaccurate sunrise and sunset times, but other calculated times are correct
      • Fixed bug GH-18481: date_sunrise with unexpected nan value for the offset.

    • Intl

      • Fix various reference issues.

    • LDAP

      • Fixed bug GH-18529: LDAP no longer respects TLS_CACERT from ldaprc in ldap_start_tls().

    • Opcache

      • Fixed bug GH-18417: Windows SHM reattachment fails when increasing memory_consumption or jit_buffer_size.
      • Fixed bug GH-18567: Preloading with internal class alias triggers assertion failure.
      • Fix leak of accel_globals->key.

    • OpenSSL

      • Fix missing checks against php_set_blocking() in xp_ssl.c.

    • PDO_OCI

      • Fixed bug GH-18494: PDO OCI segfault in statement GC.

    • Sockets

      • Fixed bug GH-18617: socket_import_file_descriptor return value unchecked.

    • SPL

      • Fixed bug GH-18421: Integer overflow with large numbers in LimitIterator.

    • Standard

      • Fixed bug GH-17403: Potential deadlock when putenv fails.
      • Fixed bug GH-18509: Dynamic calls to assert() ignore zend.assertions.

    • Windows

      • Fix leak+crash with sapi_windows_set_ctrl_handler().

    • Zip

      • Fixed bug GH-18431: Registering ZIP progress callback twice doesn't work.
      • Fixed bug GH-18438: Handling of empty data and errors in ZipArchive::addPattern.

  • ZendPHP May 2025 Releases

    Community Changes

    PHP Version 8.4.7 Changes

    • Core

      • Fixed bug GH-18038: Lazy proxy calls magic methods twice.
      • Fixed bug GH-18209: Use-after-free in extract() with EXTR_REFS.
      • Fixed bug GH-18268: Segfault in array_walk() on object with added property hooks.
      • Fixed bug GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault.
      • Fix some leaks in php_scandir.

    • DBA

      • Fixed bug GH-18247: dba_popen() memory leak on invalid path.

    • Filter

      • Fixed bug GH-18309: ipv6 filter integer overflow.

    • GD

      • Fixed imagecrop() overflow with rect argument with x/width y/height usage in gdImageCrop().
      • Fixed GH-18243: imagettftext() overflow/underflow on font size value.

    • Intl

      • Fix reference support for intltz_get_offset().

    • LDAP

      • Fixed bug GH-17776: LDAP_OPT_X_TLS_* options can't be overridden.
      • Fix NULL deref on high modification key.

    • libxml

      • Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message.
      • Fixed bug GH-18289: Fix segfault in JIT.
      • Fixed bug GH-18136: tracing JIT floating point register clobbering on Windows and ARM64.

    • OpenSSL

      • Fix memory leak in openssl_sign() when passing invalid algorithm.
      • Fix potential leaks when writing to BIO fails.

    • PDO Firebird

      • Fixed bug GH-18276: persistent connection - "zend_mm_heap corrupted" with setAttribute()
      • Fixed bug GH-17383: PDOException has wrong code and message since PHP 8.4

    • PDO Sqlite

      • Fix memory leak on error return of collation callback.

    • PgSql

      • Fix uouv in pg_put_copy_end().

    • SPL

      • Fixed bug GH-18322: SplObjectStorage debug handler mismanages memory.

    • Standard

      • Fixed bug GH-18145: php8ts crashes in php_clear_stat_cache().
      • Fix resource leak in iptcembed() on error.

    • Tests

      • Address deprecated PHP 8.4 session options to prevent test failures.

    • Zip

      • Fix uouv when handling empty options in ZipArchive::addGlob().
      • Fix memory leak when handling a too long path in ZipArchive::addGlob().

    PHP Version 8.3.21 Changes

    • Core

      • Fixed bug GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault.
      • Fix some leaks in php_scandir.

    • Filter

      • Fixed bug GH-18309: ipv6 filter integer overflow.

    • GD

      • Fixed imagecrop() overflow with rect argument with x/width y/height usage in gdImageCrop().
      • Fixed GH-18243: imagettftext() overflow/underflow on font size value.

    • Intl

      • Fix reference support for intltz_get_offset().

    • LDAP

      • Fixed bug GH-17776: LDAP_OPT_X_TLS_* options can't be overridden.
      • Fix NULL deref on high modification key.

    • libxml

      • Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message.

    • OpenSSL

      • Fix memory leak in openssl_sign() when passing invalid algorithm.
      • Fix potential leaks when writing to BIO fails.

    • PDO Firebird

      • Fixed bug GH-18276: persistent connection - "zend_mm_heap corrupted" with setAttribute()

    • SPL

      • Fixed bug GH-18322: SplObjectStorage debug handler mismanages memory.

    • Standard

      • Fixed bug GH-18145: php8ts crashes in php_clear_stat_cache().
      • Fixed bug GH-18209: Use-after-free in extract() with EXTR_REFS.
      • Fixed bug GH-18212: fseek with SEEK_CUR whence value and negative offset leads to negative stream position.
      • Fix resource leak in iptcembed() on error.

    • Zip

      • Fix uouv when handling empty options in ZipArchive::addGlob().
      • Fix memory leak when handling a too long path in ZipArchive::addGlob().

  • ZendPHP April 2025 Releases

    Community changes

    PHP version 8.4.6 changes

    • BCMath

      • Fixed pointer subtraction for scale.

    • Core

      • Fixed property hook backing value access in multi-level inheritance.
      • Fixed accidentally inherited default value in overridden virtual properties.
      • Fixed bug GH-17376: Broken JIT polymorphism for property hooks added to child class.
      • Fixed bug GH-17913: ReflectionFunction::isDeprecated() returns incorrect results for closures created from magic __call().
      • Fixed bug GH-17941: Stack-use-after-return with lazy objects and hooks.
      • Fixed bug GH-17988: Incorrect handling of hooked props without get hook in get_object_vars().
      • Fixed bug GH-17998: Skipped lazy object initialization on primed SIMPLE_WRITE cache.
      • Fixed bug GH-17998: Assignment to backing value in set hook of lazy proxy calls hook again.
      • Fixed bug GH-17961: use-after-free during dl()'ed module class destruction.
      • Fixed bug GH-15367: dl() of module with aliased class crashes in shutdown.
      • Fixed OSS-Fuzz #403308724.
      • Fixed bug GH-13193 again: Significant performance degradation in foreach.

    • DBA

      • Fixed assertion violation when opening the same file with dba_open multiple times.

    • DOM

      • Fixed bug GH-17991: Assertion failure dom_attr_value_write.
      • Fix weird unpack behaviour in DOM.
      • Fixed bug GH-18090: DOM: SVG attributes and tag names are being lowercased.
      • Fix xinclude destruction of live attributes.

    • Fuzzer

      • Fixed bug GH-18081: Memory leaks in error paths of fuzzer SAPI.

    • GD

      • Fixed bug GH-17984: calls with arguments as array with references.

    • LDAP

      • Fixed bug GH-18015: Error messages for ldap_mod_replace are confusing.

    • Mbstring

      • Fixed bug GH-17989: mb_output_handler crash with unset http_output_conv_mimetypes.

    • Opcache

      • Fixed bug GH-15834: Segfault with hook "simple get" cache slot and minimal JIT.
      • Fixed bug GH-17966: Symfony JIT 1205 assertion failure.
      • Fixed bug GH-18037: SEGV Zend/zend_execute.c.
      • Fixed bug GH-18050: IN_ARRAY optimization in DFA pass is broken.
      • Fixed bug GH-18113: stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c.
      • Fixed bug GH-18112: NULL access with preloading and INI option.
      • Fixed bug GH-18107: Opcache CFG jmp optimization with try-finally breaks the exception table.

    • PDO

      • Fix memory leak when destroying PDORow.

    • PGSQL

      • Fixed bug GH-18148: pg_copy_from() regression with explicit \n terminator due to wrong offset check.

    • Standard

      • Fix memory leaks in array_any() / array_all().

    • SOAP

      • Fixed bug #66049: Typemap can break parsing in parse_packet_soap leading to a segfault.

    • SPL

      • Fixed bug GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject.

    • Treewide

      • Fixed bug GH-17736: Assertion failure zend_reference_destroy().

    • Windows

      • Fixed bug GH-17836: zend_vm_gen.php shouldn't break on Windows line endings.

    PHP version 8.3.20 changes

    • Core

      • Fixed bug GH-17961: use-after-free during dl()'ed module class destruction.
      • Fixed bug GH-15367: dl() of module with aliased class crashes in shutdown.
      • Fixed bug GH-13193 again: Significant performance degradation in foreach.

    • DOM

      • Fix weird unpack behaviour in DOM.
      • Fix xinclude destruction of live attributes.

    • Embed

      • Fixed bug GH-8533: Unable to link dynamic libphp on Mac.

    • Fuzzer

      • Fixed bug GH-18081: Memory leaks in error paths of fuzzer SAPI.

    • GD

      • Fixed bug GH-17984: calls with arguments as array with references.

    • Intl

      • Fix locale_compose and locale_lookup to work with their array argument with values as references.
      • Fix dateformat_format when the time is an array of references.
      • Fix UConverter::transcode with substitutes as references.

    • Mbstring

      • Fixed bug GH-17989: mb_output_handler crash with unset http_output_conv_mimetypes.

    • Opcache

      • Fixed bug GH-18112: NULL access with preloading and INI option.
      • Fixed bug GH-18107: Opcache CFG jmp optimization with try-finally breaks the exception table.

    • PDO

      • Fix memory leak when destroying PDORow.

    • SOAP

      • Fixed bug #66049: Typemap can break parsing in parse_packet_soap leading to a segfault.

    • SPL

      • Fixed bug GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject.

    • Treewide

      • Fixed bug GH-17736: Assertion failure zend_reference_destroy().

    • Windows

      • Fixed bug GH-17836: zend_vm_gen.php shouldn't break on Windows line endings.

  • ZendPHP March 2025 LTS Releases

    Backported CVE Fixes for ZendPHP 8.0.30.6, 7.4.33.10, 7.3.33.16, and 7.2.34.24

    • LibXML

      • Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714).
      • Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong content-type header when requesting a redirected resource). (CVE-2025-1219)

    • Streams

      • Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
      • Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
      • Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
      • Fixed GHSA-v8xr-gpvj-cx9g (Header parser of http stream wrapper does not handle folded headers). (CVE-2025-1217)

  • ZendPHP March 2025 Releases

    Community CVE Fixes

    PHP version 8.4.5, 8.3.19 CVE fixes

    • Core

      • Fixed GHSA-rwp7-7vc6-8477: Reference counting in php_request_shutdown causes Use-After-Free. (CVE-2024-11235)

    • LibXML

      • Fixed GHSA-p3x9-6h7p-cgfc: libxml streams use wrong content-type header when requesting a redirected resource. (CVE-2025-1219)

    • Streams

      • Fixed GHSA-hgf54-96fm-v528: Stream HTTP wrapper header check might omit basic auth header. (CVE-2025-1736)
      • Fixed GHSA-52jp-hrpf-2jff: Stream HTTP wrapper truncate redirect location to 1024 bytes. (CVE-2025-1861)
      • Fixed GHSA-pcmh-g36c-qc44: Streams HTTP wrapper does not fail for headers without colon. (CVE-2025-1734)
      • Fixed GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers. (CVE-2025-1217)

    PHP version 8.2.28, 8.1.32 CVE fixes

    • LibXML

      • Fixed GHSA-p3x9-6h7p-cgfc: libxml streams use wrong content-type header when requesting a redirected resource. (CVE-2025-1219)

    • Streams

      • Fixed GHSA-hgf54-96fm-v528: Stream HTTP wrapper header check might omit basic auth header. (CVE-2025-1736)
      • Fixed GHSA-52jp-hrpf-2jff: Stream HTTP wrapper truncate redirect location to 1024 bytes. (CVE-2025-1861)
      • Fixed GHSA-pcmh-g36c-qc44: Streams HTTP wrapper does not fail for headers without colon. (CVE-2025-1734)
      • Fixed GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers. (CVE-2025-1217)

    Community Changes

    PHP version 8.4.5 changes

    • BCMath

      • Fixed bug GH-17398: bcmul memory leak.

    • Core

      • Fixed bug GH-17623: Broken stack overflow detection for variable compilation.
      • Fixed bug GH-17618: UnhandledMatchError does not take zend.exception_ignore_args=1 into account.
      • Fix fallback paths in fast_long_{add,sub}_function.
      • Fixed bug OSS-Fuzz #391975641: Crash when accessing property backing value by reference.
      • Fixed bug GH-17718: Calling static methods on an interface that has __callStatic is allowed.
      • Fixed bug GH-17713: ReflectionProperty::getRawValue() and related methods may call hooks of overridden properties.
      • Fixed bug GH-17916: Final abstract properties should error.
      • Fixed bug GH-17866: zend_mm_heap corrupted error after upgrading from 8.4.3 to 8.4.4.

    • DOM

      • Fixed bug GH-17609: Typo in error message: Dom\NO_DEFAULT_NS instead of Dom\HTML_NO_DEFAULT_NS.
      • Fixed bug GH-17802: \Dom\HTMLDocument querySelector attribute name is case sensitive in HTML.
      • Fixed bug GH-17847: xinclude destroys live node.
      • Fix using Dom\Node with Dom\XPath callbacks.

    • GD

      • Fixed bug GH-17703: imagescale with both width and height negative values triggers only an Exception on width.

    • FFI

      • Fix FFI Parsing of Pointer Declaration Lists.

    • FPM

      • Fixed bug GH-17643: FPM with httpd ProxyPass encoded PATH_INFO env.

    • GD

      • Fixed bug GH-17772: imagepalettetotruecolor crash with memory_limit=2M.

    • LDAP

      • Fixed bug GH-17704: ldap_search fails when $attributes contains a non-packed array with numerical keys.

    • LibXML

      • Fixed GHSA-wg4p-4hqh-c3g9: Reoccurrence of #72714.

    • MBString

      • Fixed bug GH-17503: Undefined float conversion in mb_convert_variables.

    • Opcache

      • Fixed bug GH-17654: Multiple classes using same trait causes function JIT crash.
      • Fixed bug GH-17577: JIT packed type guard crash.
      • Fixed bug GH-17747: Exception on reading property in register-based FETCH_OBJ_R breaks JIT.
      • Fixed bug GH-17715: Null pointer deref in observer API when calling cases() method on preloaded enum.
      • Fixed bug GH-17868: Cannot allocate memory with tracing JIT on 8.4.4.

    • PDO_SQLite

      • Fixed GH-17837: ()::getColumnMeta() on unexecuted statement segfaults.
      • Fix cycle leak in sqlite3 setAuthorizer().
      • Fix memory leaks in pdo_sqlite callback registration.

    • Phar

      • Fixed bug GH-17808: PharFileInfo refcount bug.

    • PHPDBG

      • Partially fixed bug GH-17387: Trivial crash in phpdbg lexer.
      • Fix memory leak in phpdbg calling registered function.

    • Reflection

      • Fixed bug GH-15902: Core dumped in ext/reflection/php_reflection.c.
      • Fixed missing final and abstract flags when dumping properties.

    • Standard

      • Fixed bug #72666: stat cache clearing inconsistent between file:// paths and plain paths.

    • Streams

      • Fixed bug GH-17650: realloc with size 0 in user_filters.c.
      • Fix memory leak on overflow in _php_stream_scandir().

    • Windows

      • Fixed phpize for Windows 11 (24H2).
      • Fixed GH-17855: CURL_STATICLIB flag set even if linked with shared lib.

    • Zlib

      • Fixed bug GH-17745: zlib extension incorrectly handles object arguments.
      • Fix memory leak when encoding check fails.
      • Fix zlib support for large files.

    PHP version 8.3.19 changes

    • BCMath

      • Fixed bug GH-17398: bcmul memory leak.

    • Core

      • Fixed bug GH-17623: Broken stack overflow detection for variable compilation.
      • Fixed bug GH-17618: UnhandledMatchError does not take zend.exception_ignore_args=1 into account.
      • Fix fallback paths in fast_long_{add,sub}_function.
      • Fixed bug GH-17718: Calling static methods on an interface that has __callStatic is allowed.
      • Fixed bug GH-17797: zend_test_compile_string crash on invalid script path.

    • DOM

      • Fixed bug GH-17847: xinclude destroys live node.

    • FFI

      • Fix FFI Parsing of Pointer Declaration Lists.

    • FPM

      • Fixed bug GH-17643: FPM with httpd ProxyPass encoded PATH_INFO env.

    • GD

      • Fixed bug GH-17772: imagepalettetotruecolor crash with memory_limit=2M.

    • LDAP

      • Fixed bug GH-17704: ldap_search fails when $attributes contains a non-packed array with numerical keys.

    • LibXML

      • Fixed GHSA-wg4p-4hqh-c3g9: Reoccurrence of #72714.

    • MBString

      • Fixed bug GH-17503: Undefined float conversion in mb_convert_variables.

    • Opcache

      • Fixed bug GH-17654: Multiple classes using same trait causes function JIT crash.
      • Fixed bug GH-17577: JIT packed type guard crash.
      • Fixed bug GH-17899: zend_test_compile_string with invalid path when opcache is enabled.
      • Fixed bug GH-17868: Cannot allocate memory with tracing JIT.

    • PDO_SQLite

      • Fixed GH-17837: ()::getColumnMeta() on unexecuted statement segfaults.
      • Fix cycle leak in sqlite3 setAuthorizer().

    • Phar

      • Fixed bug GH-17808: PharFileInfo refcount bug.

    • PHPDBG

      • Partially fixed bug GH-17387: Trivial crash in phpdbg lexer.
      • Fix memory leak in phpdbg calling registered function.

    • Reflection

      • Fixed bug GH-15902: Core dumped in ext/reflection/php_reflection.c.

    • Standard

      • Fixed bug #72666: stat cache clearing inconsistent between file:// paths and plain paths.

    • Streams

      • Fixed bug GH-17650: realloc with size 0 in user_filters.c.
      • Fix memory leak on overflow in _php_stream_scandir().

    • Windows

      • Fixed phpize for Windows 11 (24H2).
      • Fixed GH-17855: CURL_STATICLIB flag set even if linked with shared lib.

    • Zlib

      • Fixed bug GH-17745: zlib extension incorrectly handles object arguments.
      • Fix memory leak when encoding check fails.
      • Fix zlib support for large files.

    PHP version 8.2.28 changes

    • Core

      • Fixed bug GH-17211: observer segfault on function loaded with dl().

    • LibXML

      • Fixed GHSA-wg4p-4hqh-c3g9: Reocurrence of #72714.

    • Windows

      • Fixed phpize for Windows 11 (24H2).

    PHP version 8.1.32 changes

    • LibXML

      • Fixed GHSA-wg4p-4hqh-c3g9: Reocurrence of #72714.

    • Windows

      • Fixed phpize for Windows 11 (24H2).

  • ZendPHP February 2025 Releases

    Community changes

    PHP version 8.4.4 changes

    • Core

      • Fixed bug GH-17234: Numeric parent hook call fails with assertion
      • Fixed bug GH-16892: ini_parse_quantity() fails to parse inputs starting with 0x0b
      • Fixed bug GH-16886: ini_parse_quantity() fails to emit warning for 0x+0
      • Fixed bug GH-17222: __PROPERTY__ magic constant does not work in all constant expression contexts
      • Fixed bug GH-17214: Relax final+private warning for trait methods with inherited final
      • Fixed NULL arithmetic during system program execution on Windows
      • Fixed potential OOB when checking for trailing spaces on Windows
      • Fixed bug GH-17408: Assertion failure Zend/zend_exceptions.c
      • Fix may_have_extra_named_args flag for ZEND_AST_UNPACK
      • Fix NULL arithmetic in System V shared memory emulation for Windows
      • Fixed bug GH-17597: #[\Deprecated] does not work for __call() and __callStatic()

    • DOM

      • Fixed bug GH-17397: Assertion failure ext/dom/php_dom.c
      • Fixed bug GH-17486: Incorrect error line numbers reported in Dom\HTMLDocument::createFromString
      • Fixed bug GH-17481: UTF-8 corruption in Dom\HTMLDocument
      • Fixed bug GH-17500: Segfault with requesting nodeName on nameless doctype
      • Fixed bug GH-17485: Self-closing tag on void elements shouldn't be a parse error/warning in Dom\HTMLDocument
      • Fixed bug GH-17572: getElementsByTagName returns collections with tagName-based indexing

    • Enchant

      • Fix crashes in enchant when passing null bytes

    • FTP

      • Fixed bug GH-16800: ftp functions can abort with EINTR

    • GD

      • Fixed bug GH-17349: Tiled truecolor filling loses single color transparency
      • Fixed bug GH-17373: imagefttext() ignores clipping rect for palette images
      • Ported fix for libgd 223: gdImageRotateGeneric() does not properly interpolate
      • Added support for reading GIFs without colormap to bundled libgd

    • Gettext

      • Fixed bug GH-17400: bindtextdomain SEGV on invalid domain

    • Intl

      • Fixed bug GH-11874: intl causing segfault in docker images

    • Opcache

      • Fixed bug GH-15981: Segfault with frameless jumps and minimal JIT
      • Fixed bug GH-17307: Internal closure causes JIT failure
      • Fixed bug GH-17428: Assertion failure ext/opcache/jit/zend_jit_ir.c:8940
      • Fixed bug GH-17564: Potential UB when reading from/writing to struct padding

    • PCNTL

      • Fixed pcntl_setcpuaffinity exception type from ValueError to TypeError for the cpu mask argument with entries type different than int/string

    • PCRE

      • Fixed bug GH-17122: memory leak in regex

    • PDO

      • Fixed a memory leak when the GC is used to free a PDOStatement
      • Fixed a crash in the PDO Firebird Statement destructor
      • Fixed UAFs when changing default fetch class ctor args

    • PgSql

      • Fixed build failure when the constant PGRES_TUPLES_CHUNK is not present in the system

    • Phar

      • Fixed bug GH-17518: offset overflow phar extractTo()

    • PHPDBG

      • Fix crashes in function registration + test

    • Session

      • Fix type confusion with session SID constant
      • Fixed bug GH-17541: ext/session NULL pointer dereferencement during ID reset

    • SimpleXML

      • Fixed bug GH-17409: Assertion failure Zend/zend_hash.c:1730

    • SNMP

      • Fixed bug GH-17330: SNMP::setSecurity segfault on closed session

    • SPL

      • Fixed bug GH-15833: Segmentation fault (access null pointer) in ext/spl/spl_array.c
      • Fixed bug GH-17516: SplFileTempObject::getPathInfo() Undefined behavior on invalid class

    • Standard

      • Fixed bug GH-17447: Assertion failure when array popping a self-addressing variable

    • Windows

      • Fixed clang compiler detection

    • Zip

      • Fixed bug GH-17139: Fix zip_entry_name() crash on invalid entry

    PHP version 8.3.17 changes

    • Core

      • Fixed bug GH-16892: ini_parse_quantity() fails to parse inputs starting with 0x0b
      • Fixed bug GH-16886: ini_parse_quantity() fails to emit warning for 0x+0
      • Fixed bug GH-17214: Relax final+private warning for trait methods with inherited final
      • Fixed NULL arithmetic during system program execution on Windows
      • Fixed potential OOB when checking for trailing spaces on Windows
      • Fixed bug GH-17408: Assertion failure Zend/zend_exceptions.c
      • Fix may_have_extra_named_args flag for ZEND_AST_UNPACK
      • Fix NULL arithmetic in System V shared memory emulation for Windows

    • DOM

      • Fixed bug GH-17500: Segfault with requesting nodeName on nameless doctype

    • Enchant

      • Fix crashes in enchant when passing null bytes

    • FTP

      • Fixed bug GH-16800: ftp functions can abort with EINTR

    • GD

      • Fixed bug GH-17349: Tiled truecolor filling loses single color transparency
      • Fixed bug GH-17373: imagefttext() ignores clipping rect for palette images
      • Ported fix for libgd 223: gdImageRotateGeneric() does not properly interpolate

    • Intl

      • Fixed bug GH-11874: intl causing segfault in docker images
      • Fixed bug GH-17469: UConverter::transcode always emit E_WARNING on invalid encoding

    • Opcache

      • Fixed bug GH-17307: Internal closure causes JIT failure
      • Fixed bug GH-17564: Potential UB when reading from/writing to struct padding

    • PDO

      • Fixed a memory leak when the GC is used to free a PDOStatement
      • Fixed a crash in the PDO Firebird Statement destructor
      • Fixed UAFs when changing default fetch class ctor args

    • Phar

      • Fixed bug GH-17518: offset overflow phar extractTo()

    • PHPDBG

      • Fix crashes in function registration + test

    • Session

      • Fix type confusion with session SID constant
      • Fixed bug GH-17541: ext/session NULL pointer dereferencement during ID reset

    • SimpleXML

      • Fixed bug GH-17409: Assertion failure Zend/zend_hash.c:1730

    • SNMP

      • Fixed bug GH-17330: SNMP::setSecurity segfault on closed session

    • SPL

      • Fixed bug GH-17463: crash on SplTempFileObject::ftruncate with negative value

    • Zip

      • Fixed bug GH-17139: Fix zip_entry_name() crash on invalid entry

    ZendPHP Changes

    PHP version 8.0.30.5, 7.4.33.9, 7.3.33.15 and 7.2.34.23 changes

    • OpenSSL
      • Fixed bug #79589: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading.

    PHP version 7.3.33.14 and 7.2.34.22 changes

    • OPcache
      • Fixed bug: Backport "Avoid UB in overflow checks"