PHP Changelog

New in version 5.4.43 (July 12th, 2015)

  • Core:
  • Fixed bug #69768 (escapeshell*() doesn't cater to !).
  • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776.
  • Mysqlnd:
  • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
  • Phar:
  • Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
  • Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath).

New in version 5.4.42 (June 12th, 2015)

  • Core:
  • Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
  • Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
  • Fixed bug #69719 (Incorrect handling of paths with NULs).
  • Litespeed SAPI:
  • Fixed bug #68812 (Unchecked return value).
  • Mail:
  • Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers).
  • Postgres:
  • Fixed bug #69667 (segfault in php_pgsql_meta_data).
  • Sqlite3:
  • Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)

New in version 5.4.41 (May 15th, 2015)

  • Core:
  • Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
  • Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
  • Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
  • Fixed bug #69522 (heap buffer overflow in unpack()).
  • FTP:
  • Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
  • PCNTL:
  • Fixed bug #68598 (pcntl_exec() should not allow null char).
  • PCRE:
  • Upgraded pcrelib to 8.37.
  • Phar:
  • Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null).

New in version 5.4.40 (April 17th, 2015)

  • Apache2handler:
  • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler).
  • Core:
  • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
  • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
  • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions).
  • cURL:
  • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
  • Ereg:
  • Fixed bug #68740 (NULL Pointer Dereference).
  • Fileinfo:
  • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault).
  • GD:
  • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
  • Phar:
  • Fixed bug #68901 (use after free). (CVE-2015-2301)
  • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783)
  • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode).
  • Postgres:
  • Fixed bug #68741 (Null pointer dereference) (CVE-2015-1352).
  • SOAP:
  • Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault).
  • Sqlite3:
  • Fixed bug #66550 (SQLite prepared statement use-after-free).

New in version 5.4.39 (March 20th, 2015)

  • Core:
  • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-0231)
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Fixed bug #69207 (move_uploaded_file allows nulls in path).
  • Ereg:
  • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
  • SOAP:
  • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
  • ZIP:
  • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)

New in version 5.4.38 (February 19th, 2015)

  • Core:
  • Removed support for multi-line headers, as they are deprecated by RFC 7230.
  • Added NULL byte protection to exec, system and passthru.
  • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
  • Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
  • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
  • Enchant:
  • Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
  • SOAP:
  • Fixed bug #67427 (SoapServer cannot handle large messages).

New in version 5.4.36 (January 16th, 2015)

  • Core:
  • Upgraded crypt_blowfish to version 1.3.
  • Fixed bug #68545 (NULL pointer dereference in unserialize.c).
  • Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
  • Mcrypt:
  • Fixed possible read after end of buffer and use after free.

New in version 5.4.23 (December 14th, 2013)

  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string).
  • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • JSON:
  • Fixed whitespace part of #64874 ("json_decode handles whitespace and case-sensitivity incorrectly").
  • MySQLi:
  • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
  • mysqlnd:
  • Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i').
  • Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query).
  • OpenSSL:
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
  • PDO:
  • Fixed bug #65946 (sql_parser permanently converts values bound to strings).

New in version 5.4.22 (November 15th, 2013)

  • Core:
  • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • CLI server:
  • Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding).
  • Exif:
  • Fixed crash on unknown encoding.
  • FTP:
  • Fixed bug #65667 (ftp_nb_continue produces segfault).
  • ODBC:
  • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
  • Sockets:
  • Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
  • Standard:
  • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).
  • XMLReader:
  • Fixed bug #51936 (Crash with clone XMLReader).
  • Fixed bug #64230 (XMLReader does not suppress errors).

New in version 5.4.21 (October 30th, 2013)

  • Core:
  • Fixed bug #65322 (compile time errors won't trigger auto loading).
  • CLI server:
  • Fixed bug #65633 (built-in server treat some http headers as case-sensitive).
  • Datetime:
  • Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message).
  • DBA extension:
  • Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write).
  • Filter:
  • Add RFC 6598 IPs to reserved addresses.
  • Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
  • IMAP:
  • Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
  • Standard:
  • Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http).
  • Build system:
  • Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())).

New in version 5.4.20 (September 20th, 2013)

  • Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
  • Fixed bug #65579 (Using traits with get_class_methods causes segfault).
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
  • Fixed bug #65481 (shutdown segfault due to serialize).
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
  • Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference fails).
  • Fixed bug #65304 (Use of max int in array_sum).
  • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case).
  • Fixed bug #65225 (PHP_BINARY incorrectly set).
  • Improved fix for bug #63186 (compile failure on netbsd).
  • Fixed bug #62692 (PHP fails to build with DTrace).
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
  • Fixed bug #61345 (CGI mode - make install don't work).
  • Cherry-picked some DTrace build commits (allowing builds on Linux, bug #62691 and bug #63706) from PHP 5.5 branch.
  • Fixed bug #61268 (--enable-dtrace leads make to clobber Zend/zend_dtrace.d)
  • cURL:
  • Fixed bug #65458 (curl memory leak).
  • Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters)
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer)
  • Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
  • Session:
  • Fixed bug #62129 (rfc1867 crashes php even though turned off).
  • Fixed bug #50308 (session id not appended properly for empty anchor tags).
  • Fixed possible buffer overflow under Windows. Note: Not a security fix.
  • Changed session.auto_start to PHP_INI_PERDIR.
  • SOAP:
  • Fixed bug #65018 (SoapHeader problems with SoapServer).
  • SPL:
  • Fixed bug #65328 (Segfault when getting SplStack object Value).
  • PDO:
  • Fixed bug #64953 (Postgres prepared statement positional parameter casting).
  • Phar:
  • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents).
  • Pgsql:
  • Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
  • Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()/pg_delete()/pg_insert()).
  • Zlib:
  • Fixed bug #65391 (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called).

New in version 5.4.19 (August 23rd, 2013)

  • Core:
  • Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse').
  • Openssl:
  • Fixed UMR in fix for CVE-2013-4248.

New in version 5.3.26 (June 7th, 2013)

  • Core:
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
  • Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
  • FPM:
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
  • Log a warning when a syscall fails.
  • MySQLi:
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed).
  • Phar:
  • Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
  • Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64).
  • Zend Engine:
  • Fixed bug #64821 (Custom Exception crash when internal properties overridden).

New in version 5.3.19 (November 23rd, 2012)

  • These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.

New in version 5.3.18 (October 19th, 2012)

  • Fixed bug #63111 (is_callable() lies for abstract static method).
  • Fixed bug #61442 (exception threw in __autoload can not be catched).

New in version 5.3.17 (October 5th, 2012)

  • Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry).
  • Fixed bug #62460 (php binaries installed as binary.dSYM).

New in version 5.3.14 (June 15th, 2012)

  • The release fixes multiple security issues: a weakness in the DES implementation of crypt and a heap overflow issue in the phar extension.
  • PHP 5.4.4 and PHP 5.3.14 fix over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI.

New in version 5.2.14 (July 23rd, 2010)

  • Security Enhancements and Fixes in PHP 5.2.14:
  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
  • Fixed a possible interruption array leak in strrchr(). (CVE-2010-2484)
  • Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
  • Key enhancements in PHP 5.2.14 include:
  • Upgraded bundled PCRE to version 8.02.
  • Updated timezone database to version 2010.5.
  • Fixed bug #52238 (Crash when an Exception occurred in iterator_to_array).
  • Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
  • Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
  • Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").

New in version 5.2.13 (March 4th, 2010)

  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
  • Improved LCG entropy. (Rasmus, Samy Kamkar)

New in version 5.2.10 (July 7th, 2009)

  • Security Fixes:
  • Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
  • Updated timezone database to version 2009.9 (2009i) (Derick)
  • Added "ignore_errors" option to http fopen wrapper. (David Zuelke, Sara)
  • Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)
  • Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra)
  • Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
  • Fixed memory corruptions while reading properties of zip files. (Ilia)
  • Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
  • Fixed segfault on invalid session.save_path. (Hannes)
  • Fixed leaks in imap when a mail_criteria is used. (Pierre)
  • Fixed missing erealloc() in fix for bug #40091 in spl_autoload_register. (Greg)
  • Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)
  • Fixed bug #48557 (Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)
  • Fixed bug #48518 (curl crashes when writing into invalid file handle). (Tony)
  • Fixed bug #48514 (cURL extension uses same resource name for simple and multi APIs). (Felipe)
  • Fixed bug #48469 (ldap_get_entries() leaks memory on empty search results). (Patrick)
  • Fixed bug #48456 (CPPFLAGS not restored properly in phpize.m4). (Jani, spisek at kerio dot com)
  • Fixed bug #48448 (Compile failure under IRIX 6.5.30 building cast.c). (Kalle)
  • Fixed bug #48441 (ldap_search() sizelimit, timelimit and deref options persist). (Patrick)
  • Fixed bug #48434 (Improve memory_get_usage() accuracy). (Arnaud)
  • Fixed bug #48416 (Force a cache limit in ereg() to stop excessive memory usage). (Scott)
  • Fixed bug #48409 (Crash when exception is thrown while passing function arguments). (Arnaud)
  • Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
  • Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)
  • Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)
  • Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud)
  • Fixed bug #48313 (fgetcsv() does not return null for empty rows). (Ilia)
  • Fixed bug #48309 (stream_copy_to_stream() and fpassthru() do not update stream position of plain files). (Arnaud)
  • Fixed bug #48307 (stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)
  • Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)
  • Fixed bug #48256 (Crash due to double-linking of history.o). (tstarling at wikimedia dot org)
  • Fixed bug #48248 (SIGSEGV when access to private property via &__get). (Felipe)
  • Fixed bug #48247 (Crash on errors during startup). (Stas)
  • Fixed bug #48240 (DBA Segmentation fault dba_nextkey). (Felipe)
  • Fixed bug #48224 (Incorrect shuffle in array_rand). (Etienne)
  • Fixed bug #48221 (memory leak when passing invalid xslt parameter). (Felipe)
  • Fixed bug #48207 (CURLOPT_(FILE|WRITEHEADER) options do not error out when working with a non-writable stream). (Ilia)
  • Fixed bug #48206 (Iterating over an invalid data structure with RecursiveIteratorIterator leads to a segfault). (Scott)
  • Fixed bug #48204 (xmlwriter_open_uri() does not emit warnings on invalid paths). (Ilia)
  • Fixed bug #48203 (Crash when CURLOPT_STDERR is set to regular file). (Jani)
  • Fixed bug #48202 (Out of Memory error message when passing invalid file path) (Pierre)
  • Fixed bug #48156 (Added support for lcov v1.7). (Ilia)
  • Fixed bug #48132 (configure check for curl ssl support fails with --disable-rpath). (Jani)
  • Fixed bug #48131 (Don't try to bind ipv4 addresses to ipv6 ips via bindto). (Ilia)
  • Fixed bug #48070 (PDO_OCI: Segfault when using persistent connection). (Pierre, Matteo, jarismar dot php at gmail dot com)
  • Fixed bug #48058 (Year formatter goes wrong with out-of-int range). (Derick)
  • Fixed bug #48038 (odbc_execute changes variables used to form params array). (Felipe)
  • Fixed bug #47997 (stream_copy_to_stream returns 1 on empty streams). (Arnaud)
  • Fixed bug #47991 (SSL streams fail if error stack contains items). (Mikko)
  • Fixed bug #47981 (error handler not called regardless). (Hannes)
  • Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia)
  • Fixed bug #47946 (ImageConvolution overwrites background). (Ilia)
  • Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
  • Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia)
  • Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
  • Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud)
  • Fixed bug #47849 (Non-deep import loses the namespace). (Rob)
  • Fixed bug #47845 (PDO_Firebird omits first row from query). (Lars W)
  • Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value). (Matt)
  • Fixed bug #47831 (Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de)
  • Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre)
  • Fixed bug #47818 (Segfault due to bound callback param). (Felipe)
  • Fixed bug #47801 (__call() accessed via parent:: operator is provided incorrect method name). (Felipe)
  • Fixed bug #47769 (Strange extends PDO). (Felipe)
  • Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
  • Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension) (crrodriguez at opensuse dot org, Ilia)
  • Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets). (Dmitry)
  • Fixed bug #47695 (build error when xmlrpc and iconv are compiled against different iconv versions). (Scott)
  • Fixed bug #47667 (ZipArchive::OVERWRITE seems to have no effect). (Mikko, Pierre)
  • Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
  • Fixed bug #47639 (pg_copy_from() WARNING: nonstandard use of \ in a string literal). (Ilia)
  • Fixed bug #47616 (curl keeps crashing). (Felipe)
  • Fixed bug #47598 (FILTER_VALIDATE_EMAIL is locale aware). (Ilia)
  • Fixed bug #47566 (pcntl_wexitstatus() returns signed status). (patch by james at jamesreno dot com)
  • Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
  • Fixed bug #47487 (performance degraded when reading large chunks after fix of bug #44607). (Arnaud)
  • Fixed bug #47468 (enable cli|cgi-only extensions for embed sapi). (Jani)
  • Fixed bug #47435 (FILTER_FLAG_NO_PRIV_RANGE does not work with ipv6 addresses in the filter extension). (Ilia)
  • Fixed bug #47430 (Errors after writing to nodeValue parameter of an absent previousSibling). (Rob)
  • Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). (Ilia)
  • Fixed bug #47254 (Wrong Reflection for extends class). (Felipe)
  • Fixed bug #47042 (cgi sapi is incorrectly removing SCRIPT_FILENAME). (Sriram Natarajan, David Soria Parra)
  • Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers). (Matt)
  • Fixed bug #46812 (get_class_vars() does not include visible private variable looking at subclass). (Arnaud)
  • Fixed bug #46386 (Digest authentication with SOAP module fails against MSSQL SOAP services). (Ilia, lordelph at gmail dot com)
  • Fixed bug #46109 (Memory leak when mysqli::init() is called multiple times). (Andrey)
  • Fixed bug #45997 (safe_mode bypass with exec/system/passthru (windows only)). (Pierre)
  • Fixed bug #45877 (Array key '2147483647' left as string). (Matt)
  • Fixed bug #45822 (Near infinite-loops while parsing huge relative offsets). (Derick, Mike Sullivan)
  • Fixed bug #45799 (imagepng() crashes on empty image). (Martin McNickle, Takeshi Abe)
  • Fixed bug #45622 (isset($arrayObject->p) misbehaves with ArrayObject::ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)
  • Fixed bug #45614 (ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
  • Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
  • Fixed bug #45202 (zlib.output_compression can not be set with ini_set()). (Jani)
  • Fixed bug #45191 (error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)
  • Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)
  • Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org)
  • Fixed bug #44827 (define() is missing error checks for class constants). (Ilia)
  • Fixed bug #44214 (Crash using preg_replace_callback() and global variables). (Nuno, Scott)
  • Fixed bug #43073 (TrueType bounding box is wrong for angle0). (Martin McNickle)
  • Fixed bug #42663 (gzinflate() try to allocate all memory with truncated data). (Arnaud)
  • Fixed bug #42414 (some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)
  • Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
  • Fixed bug #42143 (The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)
  • Fixed bug #38805 (PDO truncates text from SQL Server text data type field). (Steph)