Community Changes
PHP Version PHP 8.5.0 Release
1. Backward Incompatible Changes
-
Core
- It is no longer possible to use
array and callable as class alias names in class_alias().
- Loosely comparing uncomparable objects (e.g. enums,
\CurlHandle and other internal classes) to booleans was previously inconsistent. If compared to a boolean literal $object == true, it would behave the same way as (bool) $object. If compared to a statically unknown value $object == $true, it would always return false. This behavior was consolidated to always follow the behavior of (bool) $object.
- The return value of
gc_collect_cycles() no longer includes strings and resources that were indirectly collected through cycles.
- It is now allowed to substitute
static with self or the concrete class name in final subclasses.
- The tick handlers are now deactivated after all shutdown functions, destructors have run and the output handlers have been cleaned up. This is a consequence of fixing GH-18033.
- Traits are now bound before the parent class. This is a subtle behavioral change, but should more closely match user expectations, demonstrated by GH-15753 and GH-16198.
- Errors emitted during compilation and class linking are now always delayed and handled after compilation or class linking. Fatal errors emitted during compilation or class linking cause any delayed errors to be handled immediately, without calling user-defined error handlers.
- Exceptions thrown by user-defined error handlers when handling class linking errors are not promoted to fatal errors anymore and do not prevent linking.
- Applying
ReflectionAttribute::newInstance() was called an error would be thrown. The error can be delayed from compilation to runtime using the new
- The
disable_classes INI setting has been removed as it causes various engine assumptions to be broken.
- Destructing non-array values (other than
NULL) using [] or list() now emits a warning.
- A warning is now emitted when casting floats (or strings that look like floats) to
int if they cannot be represented as one. This affects explicit int casts and implicit int casts.
- A warning is now emitted when casting
NAN to other types.
-
BZ2
bzcompress() now throws a ValueError when $block_size is not between 1 and 9.bzcompress() now throws a ValueError when $work_factor is not between 0 and 250.
-
DOM
- Cloning a
DOMNamedNodeMap, DOMNodeList, Dom\NamedNodeMap, Dom\NodeList, Dom\HTMLCollection, and Dom\DtdNamedNodeMap now fails. This never actually resulted in a working object, so the impact should actually be zero.
-
FileInfo
finfo_file() and finfo::file() now throws a ValueError instead of a TypeError when $filename contains nul bytes. This aligns the type of Error thrown to be consistent with the rest of the language.
-
Intl
- The extension now requires at least ICU 57.1.
- The behaviour of
Collator::SORT_REGULAR with respect to handling numeric strings is now aligned with the behaviour of SORT_REGULAR in ext/standard. This is a consequence of fixing bug GH-18566.
-
LDAP
ldap_get_option() and ldap_set_option() now throw a ValueError when passing an invalid option.
-
MBstring
- Unicode data tables have been updated to Unicode 17.0.
-
MySQLi
- Calling the
mysqli constructor on an already-constructed object is now no longer possible and throws an Error.
-
ODBC
- ODBC now assumes that at least ODBC 3.5 functionality is available. The
ODBCVER definition and build system flags to control it have been removed.
- ODBC no longer has build flags to build against specific drivers (except for DB2) and removes special cases for those drivers. It is strongly recommended to use a driver manager like iODBC or unixODBC on non-Windows.
-
Opcache
- The Opcache extension is now always built into the PHP binary and is always loaded. The INI directives
opcache.enable and opcache.enable_cli are still honored. The opcache.so or php_opcache.dll objects anymore. Using zend_extension=opcache.so or zend_extension=php_opcache.dll INI directives will emit a warning.
-
PCNTL
pcntl_exec() now throws ValueErrors when entries of the $args parameter contain null bytes.pcntl_exec() now throws ValueErrors when entries or keys of the $env_vars parameter contain null bytes.
-
PCRE
- The extension is compiled without semi-deprecated
PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK compile option.
-
PDO
- The constructor arguments set in conjunction with
PDO::FETCH_CLASS now follow the usual CUFA (call_user_func_array) semantics. This means string keys will act like a named argument. Moreover, automatic wrapping for by-value arguments passed to a by-ref parameter has been removed, and the usual E_WARNING about this is now emitted. To pass a variable by-ref to a constructor argument use the general array value reference assignment: $ctor_args = [&$valByRef].
- Attempting to call
PDOStatement::setFetchMode during a call to PDO::fetch(), PDO::fetchObject(), PDO::fetchAll(), for example using tricks such as passing the statement object as a constructor argument when fetching into an object, will now throw an Error.
- The value of the constants
PDO::FETCH_GROUP, PDO::FETCH_UNIQUE, PDO::FETCH_CLASSTYPE, PDO::FETCH_PROPS_LATE, and PDO::FETCH_SERIALIZE have changed.
- A
ValueError is now thrown if PDO::FETCH_PROPS_LATE is used with a fetch mode different than PDO::FETCH_CLASS, consistent with other fetch flags.
- A
ValueError is now thrown if PDO::FETCH_INTO is used as a fetch mode in PDO::fetchAll(), similar to PDO::FETCH_LAZY.
-
PDO_FIREBIRD
- A
ValueError is now thrown when trying to set a cursor name that is too long on a PDOStatement resulting from the Firebird driver.
-
Session
- Attempting to write session data where
$_SESSION has a key containing the pipe character will now emit a warning instead of silently failing.
-
SimpleXML
- Passing an XPath expression that returns something other than a node set to
SimpleXMLElement::xpath() will now emit a warning and return false, instead of silently failing and returning an empty array.
-
SPL
ArrayObject no longer accepts enums, as modifying the $name or $value properties can break engine assumptions.SplFileObject::fwrite's parameter $length is now nullable. The default value changed from 0 to null.
-
Standard
- Using a printf-family function with a formatter that did not specify the precision previously incorrectly reset the precision instead of treating it as a precision of 0. See GH-18897.
-
SOAP
SoapClient::__doRequest() expects a new, optional $uriParserClass parameter as described in the URL parsing API.
2. New Features
-
Core
Closure is now a proper subtype of callable.- Added support for Closures and first class callables in constant expressions.
- Fatal Errors (such as an exceeded maximum execution time) now include a backtrace.
- Added the
- Added the
(void) cast to indicate that not using a value is intentional. The (void) cast has no effect on the program's execution by itself, but it can be used to suppress warnings emitted by
- Added asymmetric visibility support for static properties.
- Added support for casts in constant expressions.
- Added support for attributes on compile-time non-class constants.
- The
- Added the pipe (
|>) operator.
- Constructor property promotion can now be used for
final properties.
- The
ReflectionAttribute::newInstance() is called.
-
Curl
- Added support for share handles that are persisted across multiple PHP requests, safely allowing for more effective connection reuse.
- Added support for
CURLINFO_USED_PROXY (libcurl >= 8.7.0), CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED (libcurl >= 8.12.0) to the curl_getinfo() function. When curl_getinfo() returns an array, the same information is available as "used_proxy", "httpauth_used", and "proxyauth_used" keys. CURLINFO_USED_PROXY gets zero set if no proxy was used in the previous transfer or a non-zero value if a proxy was used. CURLINFO_HTTPAUTH_USED and CURLINFO_PROXYAUTH_USED get bitmasks indicating the HTTP and proxy authentication methods that were used in the previous request. See CURLAUTH_* constants for possible values.
- Added
CURLOPT_INFILESIZE_LARGE Curl option, which is a safe replacement for CURLOPT_INFILESIZE. On certain systems, CURLOPT_INFILESIZE only accepts a 32-bit signed integer as the file size (2.0 GiB) even on 64-bit systems. CURLOPT_INFILESIZE_LARGE accepts the largest integer value the system can handle.
- Added
CURLFOLLOW_OBEYCODE, CURLFOLLOW_FIRSTONLY and CURLFOLLOW_ALL values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option. CURLFOLLOW_OBEYCODE to follow more strictly in regard to redirect if they are allowed. CURLFOLLOW_FIRSTONLY to follow only the first redirect thus if there is any follow up redirect, it won't go any further. CURLFOLLOW_ALL is equivalent to setting CURLOPT_FOLLOWLOCATION to true.
- Added support for
CURLINFO_CONN_ID (libcurl >= 8.2.0) to the curl_getinfo() function. This constant allows retrieving the unique ID of the connection used by a cURL transfer. It is primarily useful when connection reuse or connection pooling logic is needed in PHP-level applications. When curl_getinfo() returns an array, this value is available as the "conn_id" key.
- Added support for
CURLINFO_QUEUE_TIME_T (libcurl >= 8.6.0) to the curl_getinfo() function. This constant allows retrieving the time (in microseconds) that the request spent in libcurl’s connection queue before it was sent. This value can also be retrieved by passing CURLINFO_QUEUE_TIME_T to the curl_getinfo() $option parameter.
- Added support for
CURLOPT_SSL_SIGNATURE_ALGORITHMS to specify the signature algorithms to use for TLS.
-
DOM
- Added
Dom\Element::$outerHTML.
- Added
$children property to Dom\ParentNode implementations.
-
EXIF
- Add
OffsetTime* Exif tags.
- Added support for HEIF/HEIC.
-
Filter
- Add new
FILTER_THROW_ON_FAILURE flag which can be passed to the filter functions and will force an exception to be triggered when validation fails. The new flag cannot be combined with FILTER_NULL_ON_FAILURE; trying to do so will result in a ValueError being thrown.
-
Intl
- Added class constants
NumberFormatter::CURRENCY_ISO, NumberFormatter::CURRENCY_PLURAL, NumberFormatter::CASH_CURRENCY, and NumberFormatter::CURRENCY_STANDARD for various currency-related number formats.
- Added
Locale::addLikelySubtags and Locale::minimizeSubtags to handle likely tags on a given locale.
- Added
IntlListFormatter class to format, order, and punctuate a list of items with a given locale, IntlListFormatter::TYPE_AND, IntlListFormatter::TYPE_OR, IntlListFormatter::TYPE_UNITS operands and IntlListFormatter::WIDTH_WIDE, IntlListFormatter::WIDTH_SHORT and IntlListFormatter::WIDTH_NARROW widths. It is supported from icu 67.
-
PDO_Sqlite
- Added class constant
Pdo_Sqlite::ATTR_BUSY_STATEMENT.
- Added class constants
Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT, Pdo_Sqlite::EXPLAIN_MODE_PREPARED, Pdo_Sqlite::EXPLAIN_MODE_EXPLAIN, Pdo_Sqlite::EXPLAIN_MODE_EXPLAIN_QUERY_PLAN.
- Added
PDO\Sqlite::ATTR_TRANSACTION_MODE connection attribute with possible values PDO\Sqlite::TRANSACTION_MODE_DEFERRED, PDO\Sqlite::TRANSACTION_MODE_IMMEDIATE, and PDO\Sqlite::TRANSACTION_MODE_EXCLUSIVE, allowing to configure the transaction mode to use when calling beginTransaction().
-
Session
session_set_cookie_params(), session_get_cookie_params(), and session_start() now support partitioned cookies via the "partitioned" key.
-
SOAP
- Enumeration cases are now dumped in
__getTypes().
- Implemented request #61105: support for Soap 1.2 Reason Text
xml:lang attribute. The signature of SoapFault::__construct() and SoapServer::fault() therefore now have an optional $lang parameter. This support solves compatibility with .NET SOAP clients.
-
Sqlite
- Added class constants
Sqlite3Stmt::EXPLAIN_MODE_PREPARED, Sqlite3Stmt::EXPLAIN_MODE_EXPLAIN and Sqlite3Stmt::EXPLAIN_MODE_EXPLAIN_QUERY_PLAN.
-
Standard
mail() now returns the actual sendmail error and detects if the sendmail process was terminated unexpectedly. In such cases, a warning is emitted and the function returns false. Previously, these errors were silently ignored. This change affects only the sendmail transport.getimagesize() now supports HEIF/HEIC images.getimagesize() now supports SVG images when ext-libxml is also loaded. Similarly, image_type_to_extension() and image_type_to_mime_type() now also handle IMAGETYPE_SVG.- The array returned by
getimagesize() now has two additional entries: "width_unit" and "height_unit" to indicate in which units the dimensions are expressed. These units are px by default. They are not necessarily the same.
setcookie() and setrawcookie() now support the "partitioned" key.
-
XSL
- The
$namespace argument of XSLTProcessor::getParameter(), XSLTProcessor::setParameter() and XSLTProcessor::removeParameter() now actually works instead of being treated as empty. This only works if the $name argument does not use Clark notation and is not a QName because in those cases the namespace is taken from the namespace href or prefix respectively.
-
Zlib
flock() is now supported on zlib streams. Previously, this always failed to perform any locking action.
3. Changes in SAPI modules
-
CLI
- Trying to set a process title that is too long with
cli_set_process_title() will now fail instead of silently truncating the given title.
- Added a new
-
FPM
- FPM with httpd ProxyPass optionally decodes the full script path. Added
fastcgi.script_path_encoded INI setting to prevent this new behavior.
- FPM access log limit now respects
log_limit value.
4. Deprecated Functionality
-
Core
- Trying to produce output (e.g. with
echo) within a user output handler is deprecated. The deprecation warning will bypass the handler producing the output to ensure it is visible; if there are nested output handlers the next one will still be used.
- Non-canonical cast names
(boolean), (integer), (double), and (binary) have been deprecated, use (bool), (int), (float), and (string) respectively.
- The
$exclude_disabled parameter of the get_defined_functions() function has been deprecated, as it no longer has any effect since PHP 8.0.
- Terminating case statements with a semicolon instead of a colon has been deprecated.
- The backtick operator as an alias for
shell_exec() has been deprecated.
- Returning
null from __debugInfo() has been deprecated. Return an empty array instead. [cite: 118, 119]
- The
report_memleaks INI directive has been deprecated.
- Constant redeclaration has been deprecated.
- Enacted the follow-up phase of the "Path to Saner Increment/Decrement operators" RFC, meaning that incrementing non-numeric strings is now deprecated. Instead the
str_increment() function should be used.
- The following closure binding issues, which already emit an
E_WARNING, are now deprecated: Binding an instance to a static closure; Binding methods to objects that are not instances of the class (or subclass) that the method is defined; Unbinding $this from a method; Unbinding $this from a closure that uses $this; Binding a closure to the scope of an internal class; Rebinding the scope of a closure created from a function or method.
- Using
null as an array offset or when calling array_key_exists() is now deprecated. Instead an empty string should be used.
- Deriving
$_SERVER['argc'] and $_SERVER['argv'] from the query string for non-CLI SAPIs has been deprecated. Configure register_argc_argv=0 and switch to either $_GET or $_SERVER['QUERY_STRING'] to access the information, after verifying that the usage is safe.
- The
__sleep() and __wakeup() magic methods have been soft-deprecated. The __serialize() and __unserialize() magic methods should be used instead, or at the same time if compatibility with PHP 7 is required.
-
Curl
- The
curl_close() function has been deprecated, as CurlHandle objects are freed automatically.
- The
curl_share_close() function has been deprecated, as CurlShareHandle objects are freed automatically.
-
Date
- The
DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been deprecated. This is because the associated timezone is ignored and always uses GMT.
- The
__wakeup() magic method of DateTimeInterface, DateTime, DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been deprecated in favour of the __unserialize() magic method.
-
FileInfo
- The
finfo_close() function has been deprecated. As finfo objects are freed automatically.
- The
$context parameter of the finfo_buffer() function has been deprecated as it is ignored.
-
GD
- The
imagedestroy() function has been deprecated, as GdImage objects are freed automatically.
-
Hash
- The
MHASH_* constants have been deprecated. These have been overlooked when the mhash*() function family has been deprecated.
-
Intl
- The
intl.error_level INI setting has been deprecated. Errors should either be checked manually or exceptions should be enabled by using the intl.use_exceptions INI setting.
-
LDAP
- Specific Oracle Instant Client calls and constants have been deprecated. List of affected calls:
ldap_connect() with wallet support, ldap_connect_wallet(). List of affected constants: GSLC_SSL_NO_UATH, GSLC_SSL_ONEWAY_UATH, GSLC_SSL_TWOWAY_UATH.
-
MySQLi
- The
mysqli_execute() alias function has been deprecated. Use mysqli_stmt_execute() instead. [cite: 136, 137]
-
OpenSSL
- The
$key_length parameter for openssl_pkey_derive() has been deprecated. This is because it is either ignored, or truncates the key, which can be a vulnerability.
-
PDO
- The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs.
- Driver specific constants in the
PDO class have been deprecated.
- Driver specific methods in the
PDO class have been deprecated.
-
PDO_PGSQL
- Constants related to transaction states have been deprecated:
PDO::PGSQL_TRANSACTION_IDLE, PDO::PGSQL_TRANSACTION_ACTIVE, PDO::PGSQL_TRANSACTION_INTRANS, PDO::PGSQL_TRANSACTION_INERROR, PDO::PGSQL_TRANSACTION_UNKNOWN.
-
Reflection
- The
setAccessible() methods of various Reflection objects have been deprecated, as those no longer have an effect.
- Calling
ReflectionClass::getConstant() for constants that do not exist has been deprecated.
- Calling
ReflectionProperty::getDefaultValue() for properties without default values has been deprecated.
-
SPL
- Unregistering all autoloaders by passing the
spl_autoload_call() function as a callback argument to spl_autoload_unregister() has been deprecated. Instead if this is needed, one should iterate over the return value of spl_autoload_functions() and call spl_autoload_unregister() on each value.
- The
SplObjectStorage::contains(), SplObjectStorage::attach(), and SplObjectStorage::detach() methods have been deprecated in favour of SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and SplObjectStorage::offsetUnset() respectively.
- Using
ArrayObject and ArrayIterator with objects has been deprecated.
-
Standard
- The
socket_set_timeout() alias function has been deprecated. Use stream_set_timeout() instead.
- Passing
null to readdir(), rewinddir(), and closedir() to use the last opened directory has been deprecated. Provide the last opened directory explicitly instead.
- Passing integers outside the interval [0, 255] to
chr() is now deprecated. This is because a byte can only hold a value within this interval.
- Passing a string which is not a single byte to
ord() is now deprecated, this is indicative of a bug.
- The locally predefined variable
$http_response_header is deprecated. Instead one should call the http_get_last_response_headers() function.
-
XML
- The
xml_parser_free() function has been deprecated, as XMLParser objects are freed automatically.
5. Changed Functions
-
Intl
IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an IntlException on uninitialised classes/clone failures.grapheme_extract() properly assigns $next value when skipping over invalid starting bytes. Previously there were cases where it would point to the start of the grapheme boundary instead of the end.Locale:: methods throw a ValueError when locale inputs contain null bytes.transliterator_get_error_code(), transliterator_get_error_message() TransLiterator::getErrorCode(), and TransLiterator::getErrorMessage() have dropped the false from the return type union. Returning false was actually never possible.grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), grapheme_strripos(), grapheme_substr(), grapheme_strstr() and grapheme_stristr() functions add $locale parameter.
-
LDAP
ldap_get_option() now accepts a NULL connection, like ldap_set_option(), to allow retrieval of global options.
-
libxml
libxml_set_external_entity_loader() now has a formal return type of true.
-
OpenSSL
openssl_public_encrypt() and openssl_private_decrypt() have a new parameter $digest_algo that allows specifying the hash digest algorithm for OAEP padding.openssl_sign() and openssl_verify() have a new parameter $padding to allow using more secure RSA PSS padding.openssl_cms_encrypt() $cipher_algo parameter can be a string with the cipher name. That allows to use more algorithms including AES GCM cipher algorithms for auth enveloped data.
-
PCNTL
pcntl_exec() now has a formal return type of false.pcntl_waitid() takes an additional resource_usage argument to gather various platform specific metrics about the child process.
-
PDO_PGSQL
PDO::pgsqlCopyFromArray now supports Iterable inputs.Pdo\Pgsql::setAttribute and Pdo\Pgsql::prepare support setting PDO::ATTR_PREFETCH to 0 which enters lazy fetch mode. In this mode, statements cannot be run in parallel.
-
PDO_SQLITE
- SQLite
PDO::quote() will now throw an exception or emit a warning, depending on the error mode, if the string contains a null byte.
PDO::sqliteCreateCollation will now throw an exception if the callback has the wrong return type, making it more in line with Pdo_Sqlite::createCollation behavior.
-
PGSQL
pg_copy_from now supports Iterable inputs.pg_connect checks if the connection_string argument contains any null byte.pg_close_stmt checks if the statement_name argument contains any null byte.
-
POSIX
posix_ttyname sets last_error to EBADF when encountering an invalid file descriptor.posix_isatty raises an E_WARNING message when encountering an invalid file descriptor.posix_fpathconf checks invalid file descriptors and sets last_error to EBADF and raises an E_WARNING message.posix_kill throws a ValueError when the process_id argument is lower or greater than what the platform supports (signed integer or long range).posix_setpgid throws a ValueError when the process_id or the process_group_id is lower than zero or greater than what the platform supports.posix_setrlimit throws a ValueError when the hard_limit or soft_limit arguments are lower than -1 or if soft_limit is greater than hard_limit.
-
Reflection
- The output of
ReflectionClass::__toString() for enums has changed to better indicate that the class is an enum, and that the enum cases are enum cases rather than normal class constants.
- The output of
ReflectionProperty::__toString() for properties with hooks has changed to indicate what hooks the property has, whether those hooks are final, and whether the property is virtual. This also affects the output of ReflectionClass::__toString() when a class contains hooked properties.
ReflectionAttribute::newInstance() can now throw errors for internal attributes if the attribute was applied on an invalid target and the error was delayed from compile time to runtime via the
-
Session
session_start is stricter in regard to the options argument. It throws a ValueError if the array is not a hashmap, or a TypeError if the read_and_close value is not a valid type compatible with int. [cite: 185, 186]
-
SNMP
snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw a ValueError when the hostname is too large, contains any null byte or if the port is given when negative or greater than 65535, timeout and retries values are lower than -1 or too large.
-
Sockets
socket_create_listen, socket_bind and socket_sendto throw a ValueError if the port is lower than 0 or greater than 65535, and also if any of the hints array entries are indexed numerically.socket_addrinfo_lookup throws a TypeError if any of the hints values cannot be cast to int and can throw a ValueError if any of these values overflow.socket_set_option with MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP options will throw an exception if the value isn't a valid object or array.socket_create/socket_bind can create AF_PACKET family sockets.socket_getsockname gets the interface index and its string representation with AF_PACKET socket.socket_set_option with multicast context throws a ValueError when the created socket is not of AF_INET/AF_INET6 family.
-
Tidy
tidy::__construct/parseFile/parseString now throws a ValueError if the configuration contains an invalid value or attempts to set a read-only internal entry, and a TypeError if a configuration key is not a string.
-
Zlib
- The "use_include_path" argument for the
gzfile, gzopen and readgzfile functions has been changed from int to boolean.
gzfile, gzopen and readgzfile functions now respect the default stream context.
6. New Functions
-
Core
get_error_handler() allows retrieving the current user-defined error handler function.get_exception_handler() allows retrieving the current user-defined exception handler function.- The
clone language construct is now a function and supports reassigning (readonly) properties during cloning via the new $withProperties parameter.
- Added
Closure::getCurrent() to receive currently executing closure.
-
Curl
curl_multi_get_handles() allows retrieving all CurlHandles currently attached to a CurlMultiHandle. This includes both handles added using curl_multi_add_handle() and handles accepted by CURLMOPT_PUSHFUNCTION.curl_share_init_persistent() allows creating a share handle that is persisted across multiple PHP requests.
-
DOM
- Added
Dom\Element::getElementsByClassName().
- Added
Dom\Element::insertAdjacentHTML().
-
Enchant
- Added
enchant_dict_remove_from_session() to remove a word added to the spellcheck session via enchant_dict_add_to_session().
- Added
enchant_dict_remove() to put a word on the exclusion list and remove it from the session dictionary.
-
Intl
- Added
locale_is_right_to_left/Locale::isRightToLeft, returns true if the locale is written right to left (after its enrichment with likely subtags).
- Added
grapheme_levenshtein() function.
-
Opcache
- Added
opcache_is_script_cached_in_file_cache().
-
Pdo\Sqlite
- Added support for
Pdo\Sqlite::setAuthorizer(), which is the equivalent of SQLite3::setAuthorizer(). The only interface difference is that the pdo version returns void.
-
PGSQL
pg_close_stmt offers an alternative way to close a prepared statement from the DEALLOCATE sql command in that we can reuse its name afterwards.pg_service returns the ongoing service name of the connection.
-
Reflection
ReflectionConstant::getFileName() was introduced.ReflectionConstant::getExtension() and ReflectionConstant::getExtensionName() were introduced.ReflectionConstant::getAttributes() was introduced.ReflectionProperty::getMangledName() was introduced.
-
Sqlite
Sqlite3Stmt::busy to check if a statement had been fetched but not completely.
-
Standard
- Added
array_first() and array_last().
7. New Classes and Interfaces
-
Core
NoDiscard attribute was added.DelayedTargetValidation attribute was added.
-
Curl
CurlSharePersistentHandle representing a share handle that is persisted across multiple PHP requests.
-
Filter
Filter\FilterException and Filter\FilterFailedException for use when FILTER_THROW_ON_FAILURE has been enabled.
-
URI
Uri\UriException, Uri\InvalidUriException, Uri\UriComparisonMode, Uri\Rfc3986\Uri, Uri\WhatWg\InvalidUrlException, Uri\WhatWg\UrlValidationErrorType, Uri\WhatWg\UrlValidationError, and Uri\WhatWg\Url are added.
9. Other Changes to Extensions
-
Curl
curl_easy_setopt with CURLOPT_FOLLOWLOCATION option's value no longer is treated as boolean but integer to handle CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY.
-
Fileinfo
- Upgraded file from 5.45 to 5.46.
- The return type of
finfo_close() has been changed to true, rather than bool.
-
Intl
- Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a
IntlException now.
-
Lexbor
- An always enabled lexbor extension is added. It contains the lexbor library that was separated from ext/dom for being reused among other extensions. The new extension is not directly exposed to userland.
-
Opcache
- The Opcache extension is now always built into the PHP binary and is always loaded. The INI directives
opcache.enable and opcache.enable_cli are still honored.
-
URI
- An always enabled uri extension is added that can be used for handling URIs and URLs according to RFC 3986 and WHATWG URL.
-
PDO_Sqlite
- Increased minimum release version support from 3.7.7 to 3.7.17.
-
Readline
- The return types of
readline_add_history(), readline_clear_history(), and readline_callback_handler_install() have been changed to true, rather than bool.
-
Reflection
ReflectionConstant is no longer final.
10. New Global Constants
-
Core
PHP_BUILD_DATE.PHP_BUILD_PROVIDER.
-
Curl
CURLINFO_USED_PROXY.CURLINFO_HTTPAUTH_USED.CURLINFO_PROXYAUTH_USED.CURLINFO_CONN_ID.CURLINFO_QUEUE_TIME_T.CURLOPT_INFILESIZE_LARGE.CURLFOLLOW_ALL.CURLFOLLOW_OBEYCODE.CURLFOLLOW_FIRSTONLY.
-
Filter
-
Intl
DECIMAL_COMPACT_SHORT.DECIMAL_COMPACT_LONG.
-
OpenSSL
OPENSSL_PKCS1_PSS_PADDING.PKCS7_NOSMIMECAP.PKCS7_CRLFEOL.PKCS7_NOCRL.PKCS7_NO_DUAL_CONTENT.
-
POSIX
-
Sockets
IPPROTO_ICMP/IPPROTO_ICMPV6.TCP_FUNCTION_BLK (FreeBSD only).TCP_FUNCTION_ALIAS (FreeBSD only).TCP_REUSPORT_LB_NUMA (FreeBSD only).TCP_REUSPORT_LB_NUMA_NODOM (FreeBSD only).TCP_REUSPORT_LB_NUMA_CURDOM (FreeBSD only).TCP_BBR_ALGORITHM (FreeBSD only).AF_PACKET (Linux only).ETH_P_IP (Linux only).ETH_P_IPV6 (Linux only).ETH_P_LOOP (Linux only).ETH_P_ALL (Linux only).IP_BINDANY (FreeBSD/NetBSD/OpenBSD only).SO_BUSY_POLL (Linux only).UDP_SEGMENT (Linux only).SHUT_RD.SHUT_WR.SHUT_RDWR.
-
Tokenizer
-
Standard
IMAGETYPE_SVG when libxml is loaded.
11. Changes to INI File Handling
-
Core
- Added
fatal_error_backtraces to control whether fatal errors should include a backtrace.
- Added startup-only
max_memory_limit INI setting to control the maximum memory_limit that may be configured at startup or runtime. Exceeding this value emits a warning, unless set to -1, and sets memory_limit to the current max_memory_limit instead.
-
Opcache
- Added
opcache.file_cache_read_only to support a read-only opcache.file_cache directory, for use with read-only file systems (e.g. read-only Docker containers). Best used with opcache.validate_timestamps=0, opcache.enable_file_override=1, and opcache.file_cache_consistency_checks=0.
- The default value of
opcache.jit_hot_loop is now 61 (a prime) to prevent it from being a multiple of loop iteration counts. It is recommended that this parameter is set to a prime number.
- Changing
opcache.memory_consumption when OPcache SHM is already set up will now correctly report a failure instead of silently doing nothing and showing misleading values in PHPInfo.
-
OpenSSL
- Added
openssl.libctx to select the OpenSSL library context type. Either custom libctx for each thread can be used or a single global (default) libctx is used.
12. Windows Support
-
Core
- The configuration variables
PHP_VERSION, PHP_MINOR_VERSION, and PHP_RELEASE_VERSION are now always numbers. Previously, they have been strings for buildconf builds.
phpize builds now reflect the source tree in the build dir (as it already worked for in-tree builds); some extension builds (especially when using Makefile.frag.w32) may need adjustments.- The
--with-uncritical-warn-choke configuration option for clang builds is no longer supported. Select warnings to suppress via CFLAGS instead.
-
COM
- The extension is now build shared by default; previously it defaulted to a static extension, although the official Windows binaries built a shared extension.
-
FFI
- It is no longer necessary to specify the library when using
FFI::cdef() and FFI::load(). However, this convenience feature should not be used in production.
-
Streams
- If only pipe streams are contained in the
$read array, and the $write and $except arrays are empty, stream_select() now behaves similar to POSIX systems, i.e. the function only returns if at least one pipe is ready to be read, or after the timeout expires. Previously, stream_select() returned immediately, reporting all streams as ready to read.
13. Other Changes
-
Core
- The high resolution timer (
hrtime()) on macOS now uses the recommended clock_gettime_nsec_np(CLOCK_UPTIME_RAW) API instead of mach_absolute_time().
-
CLI/CGI
- The
-z or -d zend_extension= instead.
-
PDO_ODBC
- The fetch behaviour for larger columns has been changed. Rather than fetching 256 byte blocks, PDO_ODBC will try to fetch a larger block size; currently, this is the page size minus string overhead. Drivers that return
SQL_NO_TOTAL in SQLGetData are also better handled as well. This should improve compatibility and performance. See GH-10809, GH-10733.
14. Performance Improvements
-
Core
- Remove OPcodes for identity comparisons against booleans, particularly for the
match(true) pattern.
- Add OPcode specialization for
=== [] and !== [] comparisons.
- Creating exception objects is now much faster.
- The parts of the code that used SSE2 have been adapted to use SIMD with ARM NEON as well.
- Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 on x86_64 or aarch64. The TAILCALL VM is as fast as the HYBRID VM used when compiling with GCC. This makes PHP binaries built with Clang>=19 as fast as binaries built with GCC. The performance of the CALL VM, used with other compilers, has also improved considerably.
-
Intl
- Now avoids creating extra string copies when converting strings for use in the collator.
-
MBString
- The parts of the code that used SSE2 have been adapted to use SIMD with ARM NEON as well.
-
Opcache
- Improved performance of fetching TLS variables in JIT'ed code in non-Glibc builds.
-
ReflectionProperty
- Improved performance of the following methods:
getValue(), getRawValue(), isInitialized(), setValue(), setRawValue().
-
SPL
- Improved performance of dimension accessors and methods of
SplFixedArray.
-
Standard
- Improved performance of array functions with callbacks (
array_find, array_filter, array_map, usort, ...).
- Improved performance of
urlencode() and rawurlencode().
- Improved
unpack() performance with nameless repetitions by avoiding creating temporary strings and reparsing them.
- Improved
pack() performance.
- Minor improvements in
array_chunk() performance.
-
XMLReader
- Improved property access performance.
-
XMLWriter
- Improved performance and reduced memory consumption.
CE changes
-
Core
- Added the
- Added the
(void) cast to indicate that not using a value is intentional. (timwolla, edorian)
- Added
get_error_handler(), get_exception_handler() functions. (Arnaud)
- Added support for casts in constant expressions. (nielsdos)
- Added the pipe (
|>) operator. (crell)
- Added support for
final with constructor property promotion. (DanielEScherzer)
- Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in the URL parsing API plugability RFC. (kocsismate)
- Added
PHP_BUILD_PROVIDER constant. (timwolla)
- Added
PHP_BUILD_DATE constant. (cmb)
- Added support for Closures and first class callables in constant expressions. (timwolla, edorian) [cite: 276, 277]
- Add support for backtraces for fatal errors. (enorris)
- Add clone-with support to the
clone() function. (timwolla, edorian)
- Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
- Fixed AST printing for immediately invoked Closure. (Dmitrii Derepko)
- Properly handle
__debugInfo() returning an array reference. (nielsdos)
- Properly handle reference return value from
__toString(). (nielsdos)
- Improved error message of
UnhandledMatchError for zend.exception_string_param_max_len=0. (timwolla)
- Fixed bug GH-15753 and GH-16198 (Bind traits before parent class). (ilutov)
- Fixed bug GH-17951 (
memory_limit is not always limited by max_memory_limit). (manuelm)
- Fixed bug GH-20183 (Stale
EG(opline_before_exception) pointer through eval). (ilutov)
- Fixed bug GH-20113 (Missing
new Foo(...) error in constant expressions). (ilutov)
- Fixed bug GH-19844 (Don't bail when closing resources on shutdown). (ilutov)
- Fixed bug GH-20177 (Accessing overridden private property in
get_object_vars() triggers assertion error). (ilutov)
- Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval). (ilutov)
- Fixed bug GH-20002 (Broken build on *BSD with MSAN). (outtersg)
- Fixed bug GH-19352 (Cross-compilation with musl C library). (henderkes, Peter Kokot)
- Fixed bug GH-19765 (
object_properties_load() bypasses readonly property checks). (timwolla)
- Fixed hard_timeout with
- Fixed bug GH-19839 (Incorrect
HASH_FLAG_HAS_EMPTY_IND flag on userland array). (ilutov)
- Fixed bug GH-19823 (
register_argc_argv deprecation emitted twice when using OPcache). (timwolla)
- Fixed bug GH-19480 (
error_log php.ini cannot be unset when open_basedir is configured). (nielsdos)
- Fixed bug GH-19719 (Allow empty statements before
declare(strict_types)). (nielsdos) [cite: 290, 291]
- Fixed bug GH-19934 (CGI with
auto_globals_jit=0 causes uouv). (ilutov)
- Fixed bug GH-19613 (Stale array iterator pointer). (ilutov)
- Fixed bug GH-19679 (
zend_ssa_range_widening may fail to converge). (Arnaud)
- Fixed bug GH-19681 (
PHP_EXPAND_PATH broken with bash 5.3.0). (Remi)
- Fixed bug GH-18850 (Repeated inclusion of file with
__halt_compiler() triggers "Constant already defined" warning). (ilutov)
- Fixed bug GH-19476 (pipe operator fails to correctly handle returning by reference). (alexandre-daubois)
- Fixed bug GH-19081 (Wrong lineno in property error with constructor property promotion). (ilutov)
- Fixed bug GH-17959 (Relax missing trait fatal error to error exception). (ilutov)
- Fixed bug GH-18033 (NULL-ptr dereference when using
register_tick_function in destructor). (nielsdos)
- Fixed bug GH-18026 (Improve "expecting token" error for ampersand). (ilutov)
- The
report_memleaks INI directive has been deprecated. (alexandre-daubois)
- Fixed OSS-Fuzz #439125710 (Pipe cannot be used in write context). (nielsdos)
- Fixed bug GH-19548 (Shared memory violation on property inheritance). (alexandre-daubois)
- Fixed bug GH-19544 (GC treats
ZEND_WEAKREF_TAG_MAP references as WeakMap references). (Arnaud, timwolla) [cite: 299, 300]
- Fixed bug GH-18373 (Don't substitute self/parent with anonymous class). (ilutov)
- Fix support for non-userland stream notifiers. (timwolla)
- Fixed bug GH-19305 (Operands may be being released during comparison). (Arnaud)
- Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). (Arnaud)
- Fixed bug GH-19326 (Calling
Generator::throw() on a running generator with a non-Generator delegate crashes). (Arnaud)
- Fix OSS-Fuzz #427814452 (pipe compilation fails with assert). (nielsdos, ilutov)
- Fixed bug GH-16665 (
\array and \callable should not be usable in class_alias). (nielsdos)
- Use
clock_gettime_nsec_np() for high resolution timer on macOS if available. (timwolla)
- Make
clone() a function. (timwolla, edorian)
- Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 on x86_64 or aarch64. (Arnaud)
- Enacted the follow-up phase of the "Path to Saner Increment/Decrement operators" RFC, meaning that incrementing non-numeric strings is now deprecated. (Girgias).
- Various closure binding issues are now deprecated. (alexandre-daubois)
- Constant redeclaration has been deprecated. (alexandre-daubois)
- Marks the stack as non-executable on Haiku. (David Carlier)
- Deriving
$_SERVER['argc'] and $_SERVER['argv'] from the query string is now deprecated. (timwolla, nicolasgrekas) [cite: 310, 311]
- Using
null as an array offset or when calling array_key_exists() is now deprecated. (alexandre-daubois)
- The
disable_classes INI directive has been removed. (Girgias)
- The locally predefined variable
$http_response_header is deprecated. (Girgias)
- Non-canonical cast names
(boolean), (integer), (double), and (binary) have been deprecated. (Girgias)
- The
$exclude_disabled parameter of the get_defined_functions() function has been deprecated, as it no longer has any effect since PHP 8.0. (Girgias)
- Terminating case statements with a semicolon instead of a colon has been deprecated. (theodorejb)
- The backtick operator as an alias for
shell_exec() has been deprecated. (timwolla)
- Returning
null from __debugInfo() has been deprecated. (DanielEScherzer)
- Support
- Destructing non-array values (other than
NULL) using [] or list() now emits a warning. (Girgias)
- Casting floats that are not representable as ints now emits a warning. (Girgias)
- Casting
NAN to other types now emits a warning. (Girgias)
- Implement GH-15680 (Enhance
zend_dump_op_array to properly represent non-printable characters in string literals). (nielsdos, WangYihang)
- Fixed bug GH-17442 (Engine UAF with reference assign and dtor). (nielsdos)
- Do not use
RTLD_DEEPBIND if dlmopen is available. (Daniil Gentili) [cite: 321, 322]
-
BCMath
- Simplify
bc_divide() code. (SakiTakamachi)
- If the result is 0,
n_scale is set to 0. (SakiTakamachi)
- If size of
BC_VECTOR array is within 64 bytes, stack area is now used. (SakiTakamachi)
- Fixed bug GH-20006 (Power of 0 of BcMath number causes UB). (nielsdos)
-
Bz2
- Fixed bug GH-19810 (Broken
bzopen() stream mode validation). (ilutov)
-
CLI
- Add
- Drop support for
-z CLI/CGI flag. (nielsdos)
- Fixed GH-17956 - development server 404 page does not adapt to mobiles. (pascalchevrel)
- Fix useless "Failed to poll event" error logs due to
EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS. (leotaku)
- Fixed bug GH-19461 (Improve error message on listening error with IPv6 address). (alexandre-daubois)
-
COM
- Fixed property access of PHP objects wrapped in variant. (cmb)
- Fixed method calls for PHP objects wrapped in variant. (cmb) [cite: 330, 331]
-
Curl
- Added
CURLFOLLOW_ALL, CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option. (David Carlier)
- Added
curl_multi_get_handles(). (timwolla)
- Added
curl_share_init_persistent(). (enorris)
- Added
CURLINFO_USED_PROXY, CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED support to curl_getinfo. (Ayesh Karunaratne)
- Add support for
CURLINFO_CONN_ID in curl_getinfo() (thecaliskan)
- Add support for
CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan)
- Add support for
CURLOPT_SSL_SIGNATURE_ALGORITHMS. (Ayesh Karunaratne)
- The
curl_close() function has been deprecated. (DanielEScherzer)
- The
curl_share_close() function has been deprecated. (DanielEScherzer)
- Fix cloning of
CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle. (timwolla) [cite: 334, 335]
-
Date
- Fix undefined behaviour problems regarding integer overflow in extreme edge cases. (nielsdos, cmb, ilutov)
- The
DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been deprecated. (jorgsowa)
- Fixed
date_sunrise() and date_sunset() with partial-hour UTC offset. (ilutov)
- Fixed GH-17159: "P" format for
::createFromFormat swallows string literals. (nielsdos)
- The
__wakeup() magic method of DateTimeInterface, DateTime, DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been deprecated in favour of the __unserialize() magic method. (Girgias) [cite: 338, 339]
-
DOM
- Added
Dom\Element::$outerHTML. (nielsdos)
- Added
Dom\Element::insertAdjacentHTML(). (nielsdos)
- Added
$children property to ParentNode implementations. (nielsdos)
- Make cloning DOM node lists, maps, and collections fail. (nielsdos)
- Added
Dom\Element::getElementsByClassName(). (nielsdos)
- Fixed bug GH-18877 (
\Dom\HTMLDocument querySelectorAll selecting only the first when using ~ and :has). (nielsdos, lexborisov)
- Fix
getNamedItemNS() incorrect namespace check. (nielsdos) [cite: 341, 342]
-
Enchant
- Added
enchant_dict_remove_from_session(). (nielsdos)
- Added
enchant_dict_remove(). (nielsdos)
- Fix missing empty string checks. (nielsdos)
-
EXIF
- Add
OffsetTime* Exif tags. (acc987)
- Added support to retrieve Exif from HEIF file. (Benstone Zhang)
- Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop). (nielsdos)
- Fix OSS-Fuzz #442954659 (Crash in
exif_scan_HEIF_header). (nielsdos)
- Various hardening fixes to HEIF parsing. (nielsdos)
-
FileInfo
- The
finfo_close() function has been deprecated. (timwolla)
- The
$context parameter of the finfo_buffer() function has been deprecated as it is ignored. (Girgias)
- Upgrade to file 5.46. (nielsdos)
- Change return type of
finfo_close() to true. (timwolla)
-
Filter
- Added support for configuring the URI parser for
FILTER_VALIDATE_URL as described in the URL parsing API plugability RFC. (kocsismate) [cite: 347, 348]
- Fixed bug GH-16993 (
filter_var_array with FILTER_VALIDATE_INT|FILTER_NULL_ON_FAILURE should emit warning for invalid filter usage). (alexandre-daubois)
-
FPM
- Fixed bug GH-19817 (Decode
SCRIPT_FILENAME issue in php 8.5). (Jakub Zelenka)
- Fixed bug GH-19989 (PHP 8.5 FPM access log lines also go to STDERR). (Jakub Zelenka)
- Fixed GH-17645 (FPM with httpd ProxyPass does not decode script path). (Jakub Zelenka)
- Make FPM access log limit configurable using
log_limit. (Jakub Zelenka)
- Fixed failed debug assertion when
php_admin_value setting fails. (ilutov)
- Fixed GH-8157 (
post_max_size evaluates .user.ini too late in php-fpm). (Jakub Zelenka)
-
GD
- Fixed bug #68629 (Transparent artifacts when using imagerotate). (pierre, cmb) [cite: 353, 354]
- Fixed bug #64823 (ZTS GD fails to find system TrueType font). (cmb)
- Fix incorrect comparison with result of
php_stream_can_cast(). (Girgias) [cite: 354, 355]
- The
imagedestroy() function has been deprecated. (DanielEScherzer)
-
Iconv
- Extends the
ICONV_CONST preprocessor for illumos/solaris. (jMichaelA)
-
Intl
- Bumped ICU requirement to ICU >= 57.1. (cmb)
IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an exception with uninitialised classes or clone failure. (David Carlier)- Added
DECIMAL_COMPACT_SHORT/DECIMAL_COMPACT_LONG for NumberFormatter class. (BogdanUngureanu)
- Added
Locale::isRightToLeft to check if a locale is written right to left. (David Carlier)
- Added null bytes presence in locale inputs for
Locale class. (David Carlier)
- Added
grapheme_levenshtein() function. (Yuya Hamada)
- Added
Locale::addLikelySubtags/Locale::minimizeSubtags to handle adding/removing likely subtags to a locale. (David Carlier)
- Added
IntlListFormatter class to format a list of items with a locale, operands types and units. (BogdanUngureanu)
- Added
grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), grapheme_strripos(), grapheme_substr(), grapheme_strstr(), grapheme_stristr() and grapheme_levenshtein() functions add $locale parameter (Yuya Hamada).
- Fixed bug GH-11952 (Fix locale strings canonicalization for
IntlDateFormatter and NumberFormatter). (alexandre-daubois)
- Fixed bug GH-18566 ([intl] Weird numeric sort in Collator). (nielsdos) [cite: 362, 363]
- Fix return value on failure for resourcebundle count handler. (Girgias)
- Fixed bug GH-19307 (PGO builds of shared ext-intl are broken). (cmb)
- Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a
IntlException now. (Girgias)
- The
intl.error_level INI setting has been deprecated. (Girgias)
-
LDAP
- Allow
ldap_get_option to retrieve global option by allowing NULL for connection instance ($ldap). (Remi)
-
MBstring
- Updated Unicode data tables to Unicode 17.0. (Yuya Hamada)
-
MySQLi
- Fixed bugs GH-17900 and GH-8084 (calling
mysqli::__construct twice). (nielsdos)
- The
mysqli_execute() alias function has been deprecated. (timwolla)
-
MySQLnd
- Added
mysqlnd.collect_memory_statistics to ini quick reference. (hauk92)
-
ODBC
- Removed driver-specific build flags and support. (Calvin Buckley)
- Remove
ODBCVER and assume ODBC 3.5. (Calvin Buckley)
-
Opcache
- Make OPcache non-optional (Arnaud, timwolla)
- Added
opcache.file_cache_read_only. (Samuel Melrose)
- Updated default value of
opcache.jit_hot_loop. (Arnaud)
- Log a warning when opcache lock file permissions could not be changed. (Taavi Eomäe)
- Fixed bug GH-20012 (heap buffer overflow in jit). (Arnaud)
- Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments). (ilutov) [cite: 373, 374]
- Disallow changing
opcache.memory_consumption when SHM is already set up. (timwolla)
- Fixed bug GH-15074 (Compiling opcache statically into ZTS PHP fails). (Arnaud)
- Fixed bug GH-17422 (OPcache bypasses the user-defined error handler for deprecations). (Arnaud, timwolla)
- Fixed bug GH-19301 (opcache build failure). (Remi)
- Fixed bug GH-20081 (access to uninitialized vars in
preload_load()). (Arnaud)
- Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15). (Arnaud, Shivam Mathur)
- Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess). (Arnaud)
- Fixed segfault in function JIT due to NAN to bool warning. (Girgias)
- Fixed bug GH-19984 (Double-free of
EG(errors)/persistent_script->warnings on persist of already persisted file). (ilutov, Arnaud)
- Fixed bug GH-19889 (race condition in
zend_runtime_jit(), zend_jit_hot_func()). (Arnaud) [cite: 381, 382]
- Fixed bug GH-19669 (assertion failure in
zend_jit_trace_type_to_info_ex). (Arnaud)
- Fixed bug GH-19831 (function JIT may not deref property value). (Arnaud)
- Fixed bug GH-19486 (Incorrect opline after deoptimization). (Arnaud)
- Fixed bug GH-19601 (Wrong JIT stack setup on aarch64/clang). (Arnaud)
- Fixed bug GH-19388 (Broken
opcache.huge_code_pages). (Arnaud)
- Fixed bug GH-19657 (Build fails on non-glibc/musl/freebsd/macos/win platforms). (Arnaud)
- Fixed ZTS OPcache build on Cygwin. (cmb) [cite: 384, 385]
- Fixed bug GH-19493 (JIT variable not stored before YIELD). (Arnaud)
-
OpenSSL
- Added
openssl.libctx INI that allows to select the OpenSSL library context type and convert various parts of the extension to use the custom libctx. (Jakub Zelenka) [cite: 386, 387]
- Add
$digest_algo parameter to openssl_public_encrypt() and openssl_private_decrypt() functions. (Jakub Zelenka)
- Implement #81724 (
openssl_cms_encrypt only allows specific ciphers). (Jakub Zelenka)
- Implement #80495 (Enable to set padding in
openssl_(sign|verify)). (Jakub Zelenka)
- Implement #47728 (
openssl_pkcs7_sign ignores new openssl flags). (Jakub Zelenka)
- Fixed bug GH-19994 (
openssl_get_cipher_methods inconsistent with fetching). (Jakub Zelenka)
- Fixed build when
--with-openssl-legacy-provider set. (Jakub Zelenka)
- Fixed bug GH-19369 (8.5 | Regression in
openssl_sign() - support for alias algorithms appears to be broken). (Jakub Zelenka)
- The
$key_length parameter for openssl_pkey_derive() has been deprecated. (Girgias)
-
Output
- Fixed calculation of aligned buffer size. (cmb)
-
PCNTL
- Extend
pcntl_waitid with rusage parameter. (vrza)
-
PCRE
- Remove
PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options. (mvorisek)
-
PDO
- Fixed bug GH-20095 (Incorrect class name in deprecation message for PDO mixins). (timwolla)
- Driver specific methods and constants in the PDO class are now deprecated. (Arnaud) [cite: 388, 389]
- The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs. (timwolla) [cite: 389, 390]
-
PDO_ODBC
- Fetch larger block sizes and better handle
SQL_NO_TOTAL when calling SQLGetData. (Calvin Buckley, Saki Takamachi)
-
PDO_PGSQL
- Added Iterable support for
PDO::pgsqlCopyFromArray. (KentarouTakeda)
- Implement GH-15387
Pdo\Pgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or Pdo\Pgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy instead of storing the whole result set in memory (Guillaume Outters)
-
PDO_SQLITE
- Add
PDO\Sqlite::ATTR_TRANSACTION_MODE connection attribute. (Samuel Štancl)
- Implement GH-17321: Add
setAuthorizer to Pdo\Sqlite. (nielsdos)
PDO::sqliteCreateCollation now throws a TypeError if the callback has a wrong return type. (David Carlier)- Added
Pdo_Sqlite::ATTR_BUSY_STATEMENT constant to check if a statement is currently executing. (David Carlier)
- Added
Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT constant to set a statement in either EXPLAIN_MODE_PREPARED, EXPLAIN_MODE_EXPLAIN, EXPLAIN_MODE_EXPLAIN_QUERY_PLAN modes. (David Carlier)
- Fix bug GH-13952 (sqlite
PDO::quote silently corrupts strings with null bytes) by throwing on null bytes. (divinity76)
-
PGSQL
- Added
pg_close_stmt to close a prepared statement while allowing its name to be reused. (David Carlier)
- Added Iterable support for
pgsql_copy_from. (David Carlier) [cite: 397, 398]
pg_connect checks if connection_string contains any null byte, pg_close_stmt check if the statement contains any null byte. (David Carlier)- Added
pg_service to get the connection current service identifier. (David Carlier)
- Fix segfaults when attempting to fetch row into a non-instantiable class name. (Girgias, nielsdos)
-
Phar
- Fix potential buffer length truncation due to usage of type
int instead of type size_t. (Girgias)
- Fixed memory leaks when verifying OpenSSL signature. (Girgias)
-
POSIX
- Added
POSIX_SC_OPEN_MAX constant to get the number of file descriptors a process can handle. (David Carlier) [cite: 402, 403]
posix_ttyname() sets last_error to EBADF on invalid file descriptors, posix_isatty() raises E_WARNING on invalid file descriptors, posix_fpathconf checks invalid file descriptors. (David Carlier) [cite: 403, 404]posix_kill and posix_setpgid throws a ValueError on invalid process_id. (David Carlier)posix_setpgid throws a ValueError on invalid process_group_id, posix_setrlimit throws a ValueError on invalid soft_limit and hard_limit arguments. (David Carlier)
-
Random
- Moves from
/dev/urandom usage to arc4random_buf on Haiku. (David Carlier)
-
Reflection
- Added
ReflectionConstant::getExtension() and ::getExtensionName(). (DanielEScherzer)
- Added
ReflectionProperty::getMangledName() method. (alexandre-daubois)
ReflectionConstant is no longer final. (sasezaki)- The
setAccessible() methods of various Reflection objects have been deprecated, as those no longer have an effect. (timwolla) [cite: 407, 408]
ReflectionClass::getConstant() for constants that do not exist has been deprecated. (DanielEScherzer)ReflectionProperty::getDefaultValue() for properties without default values has been deprecated. (DanielEScherzer)- Fixed bug GH-12856 (
ReflectionClass::getStaticPropertyValue() returns UNDEF zval for uninitialized typed properties). (nielsdos)
- Fixed bug GH-15766 (
ReflectionClass::__toString() should have better output for enums). (DanielEScherzer) [cite: 409, 410]
- Fix GH-19691 (
getModifierNames() not reporting asymmetric visibility). (DanielEScherzer)
- Fixed bug GH-17927 (Reflection: have some indication of property hooks in
_property_string()). (DanielEScherzer) [cite: 410, 411]
- Fixed bug GH-19187 (
ReflectionNamedType::getName() prints nullable type when retrieved from ReflectionProperty::getSettableType()). (ilutov)
- Fixed bug GH-20217 (
ReflectionClass::isIterable() incorrectly returns true for classes with property hooks). (alexandre-daubois)
-
SAPI
- Fixed bug GH-18582 and #81451:
http_response_code() does not override the status code generated by header(). (ilutov, Jakub Zelenka)
-
Session
session_start() throws a ValueError on option argument if not a hashmap or a TypeError if read_and_close value is not compatible with int. (David Carlier) [cite: 414, 415]- Added support for partitioned cookies. (nielsdos)
- Fix RC violation of session SID constant deprecation attribute. (ilutov)
- Fixed GH-19197: build broken with
ZEND_STRL usage with memcpy when implemented as macro. (David Carlier)
-
SimpleXML
- Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return types than node lists). (nielsdos)
-
SNMP
snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw an exception on invalid hostname, community timeout and retries arguments. (David Carlier)
-
SOAP
- Added support for configuring the URI parser for
SoapClient::__doRequest() as described in the URL parsing API plugability RFC. (kocsismate)
- Implement request #55503 (Extend
__getTypes to support enumerations). (nielsdos, datibbaw)
- Implement request #61105 (Support Soap 1.2 SoapFault Reason Text
lang attribute). (nielsdos) [cite: 420, 421]
- Fixed bug #49169 (
SoapServer calls wrong function, although "SOAP action" header is correct). (nielsdos)
- Fix namespace handling of WSDL and XML schema in SOAP, fixing at least GH-16320 and bug #68576. (nielsdos)
- Fixed bug #70951 (Segmentation fault on invalid WSDL cache). (nielsdos)
- Fixed bug GH-19773 (SIGSEGV due to uninitialized
soap_globals->lang_en). (nielsdos, KaseyJenkins)
- Fixed bug GH-19226 (Segfault when spawning new thread in soap extension). (Florian Engelhardt)
-
Sockets
- Added
IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage. (David Carlier)
- Added
TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD. (David Carlier)
- Added
IP_BINDANY for a socket to bind to any address. (David Carlier)
- Added
SO_BUSY_POOL to reduce packets poll latency. (David Carlier) [cite: 427, 428]
- Added
UDP_SEGMENT support to optimise multiple large datagrams over UDP if the kernel and hardware supports it. (David Carlier)
- Added
SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown(). (David Carlier)
- Added
TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM, TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants.
socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO with timeout setting on windows. (David Carlier)socket_create_listen() throws an exception on invalid port value. (David Carlier) [cite: 430, 431]socket_bind() throws an exception on invalid port value. (David Carlier)socket_sendto() throws an exception on invalid port value. (David Carlier) [cite: 431, 432]socket_addrinfo_lookup throws an exception on invalid hints value types. (David Carlier)socket_addrinfo_lookup throws an exception if any of the hints value overflows. (David Carlier)socket_addrinfo_lookup throws an exception if one or more hints entries has an index as numeric. (David Carlier)socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP will throw an exception if its value is not a valid array/object. (David Carlier)socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket. (David Carlier)socket_set_option for multicast context throws a ValueError when the socket family is not of AF_INET/AF_INET6 family. (David Carlier) [cite: 436, 437]
-
Sodium
- Fix overall theoretical overflows on
zend_string buffer allocations. (David Carlier/nielsdos)
-
SPL
- Fixed bug GH-20101 (
SplHeap/SplPriorityQueue serialization exposes INDIRECTs). (nielsdos) [cite: 437, 438]
- Improve
__unserialize() hardening for SplHeap/SplPriorityQueue. (nielsdos)
- Deprecate
ArrayObject and ArrayIterator with objects. (Girgias)
- Unregistering all autoloaders by passing the
spl_autoload_call() function as a callback argument to spl_autoload_unregister() has been deprecated. (Girgias)
- The
SplObjectStorage::contains(), SplObjectStorage::attach(), and SplObjectStorage::detach() methods have been deprecated in favour of SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and SplObjectStorage::offsetUnset() respectively. (Girgias)
-
Sqlite
- Added
Sqlite3Stmt::busy to check if a statement is still being executed. (David Carlier)
- Added
Sqlite3Stmt::explain to produce an explain query plan from the statement. (David Carlier)
- Added
Sqlite3Result::fetchAll to return all results at once from a query. (David Carlier)
-
Standard
- Add HEIF/HEIC support to
getimagesize. (Benstone Zhang) [cite: 444, 445]
- Added support for partitioned cookies. (nielsdos)
- Implement #71517 (Implement SVG support for
getimagesize() and friends). (nielsdos)
- Implement GH-19188: Add support for new INI
mail.cr_lf_mode. (alexandre-daubois)
- Optimized PHP
html_entity_decode function. (Artem Ukrainskiy)
- Minor optimization to
array_chunk(). (nielsdos)
- Optimized
pack(). (nielsdos, divinity76)
- Fixed
crypt() tests on musl when using --with-external-libcrypt (Michael Orlitzky).
- Fixed bug GH-18062 (
is_callable(func(...), callable_name: $name) for first class callables returns wrong name). (timwolla)
- Added
array_first() and array_last(). (nielsdos)
- Fixed bug GH-18823 (
setlocale's 2nd and 3rd argument ignores strict_types). (nielsdos)
- Fixed exit code handling of sendmail cmd and added warnings. (Jesse Hathaway)
- Fixed bug GH-18897 (
printf: empty precision is interpreted as precision 6, not as precision 0). (nielsdos)
- Fixed bug GH-20257 (
mail() heap overflow with an empty message in lf mode). (David Carlier)
- Fixed bug GH-20201 (AVIF images misdetected as HEIF after introducing HEIF support in
getimagesize()). (nielsdos)
- Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set). (alexandre-daubois)
- Fixed bug GH-19801 (leaks in
var_dump() and debug_zval_dump()). (alexandre-daubois)
- Fixed GH-14402 (
SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their data on serialize()). (alexandre-daubois)
- Fixed GH-19610 (Deprecation warnings in functions taking as argument). (Girgias)
- Fixed bug GH-19577 (Avoid integer overflow when using a small offset and
PHP_INT_MAX with LimitIterator). (alexandre-daubois)
- Fixed bug GH-19153 (
- Fixed bug GH-19070 (
setlocale($type, NULL) should not be deprecated). (nielsdos)
- Fixed bug GH-16649 (UAF during
array_splice). (alexandre-daubois)
- Passing strings which are not one byte long to
ord() is now deprecated. (Girgias) [cite: 459, 460]
- Passing integers outside the interval [0, 255] to
chr() is now deprecated. (Girgias)
- The
socket_set_timeout() alias function has been deprecated. (timwolla)
- Passing
null to readdir(), rewinddir(), and closedir() to use the last opened directory has been deprecated. (Girgias) [cite: 461, 462]
-
Streams
- Fixed bug GH-16889 (
stream_select() timeout useless for pipes on Windows). (cmb)
- Fixed bug GH-19798:
XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64. (Jakub Zelenka)
- Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler causes heap corruption). (nielsdos)
- Avoid double conversion to string in
php_userstreamop_readdir(). (nielsdos)
-
Tests
- Allow to shuffle tests even in non-parallel mode. (dhuang00)
-
Tidy
tidy::__construct/parseFile/parseString methods throw an exception if the configuration argument is invalid. (David Carlier)- Fixed GH-19021 (improved
tidyOptGetCategory detection). (arjendekorte, David Carlier, Peter Kokot) [cite: 466, 467]
-
Tokenizer
- Fixed bug GH-19507 (Corrupted result after recursive tokenization during
token_get_all()). (kubawerlos, nielsdos, Arnaud)
-
Windows
- Fixed bug GH-10992 (Improper long path support for relative paths). (cmb, nielsdos)
- Fixed bug GH-16843 (Windows
phpize builds ignore source subfolders). (cmb) [cite: 468, 469]
- Fix GH-19722 (
_get_osfhandle asserts in debug mode when given a socket). (dktapps)
-
XML
- The
xml_parser_free() function has been deprecated. (DanielEScherzer) [cite: 469, 470]
-
XMLWriter
- Improved performance and reduce memory consumption. (nielsdos)
-
XSL
- Implement request #30622 (make
$namespace parameter functional). (nielsdos)
-
Zlib
gzfile, gzopen and readgzfile, their "use_include_path" argument is now a boolean. (David Carlier)- Fixed bug GH-16883 (
gzopen() does not use the default stream context when opening HTTP URLs). (nielsdos)
- Implemented GH-17668 (zlib streams should support locking). (nielsdos)
-
Zip
- Fixed missing
zend_release_fcall_info_cache on the following methods ZipArchive::registerProgressCallback() and ZipArchive::registerCancelCallback() on failure. (David Carlier) [cite: 473, 474]
Check out more at
