PHP Changelog

New in version 5.6.3

December 17th, 2014
  • Core:
  • Implemented 64-bit format codes for pack() and unpack().
  • Fixed bug #51800 (proc_open on Windows hangs forever).
  • Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
  • Fixed bug #67949 (DOMNodeList elements should be accessible through array notation) (Florian)
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
  • Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
  • CURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
  • Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer).
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
  • FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses).
  • GD:
  • Fixed bug #65171 (imagescale() fails without height param).
  • GMP:
  • Implemented gmp_random_range() and gmp_random_bits().
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  • ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
  • OpenSSL:
  • Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value).
  • PDO_pgsql:
  • Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads) (Matteo, Alain Laporte)
  • Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
  • Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias).
  • SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

New in version 5.6.1 (October 3rd, 2014)

  • Core:
  • Implemented FR #38409 (parse_ini_file() loses the type of booleans).
  • Fixed bug #65463 (SIGSEGV during zend_shutdown()).
  • Fixed bug #66036 (Crash on SIGTERM in apache process).
  • Fixed bug #67878 (program_prefix not honoured in man pages).
  • Fixed bug #67938 (Segfault when extending interface method with variadic).
  • Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
  • Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability).
  • DOM:
  • Made DOMNode::textContent writeable.
  • Fileinfo:
  • Fixed bug #67731 (finfo::file() returns invalid mime type for binary files).
  • GD:
  • Made fontFetch's path parser thread-safe.
  • GMP:
  • Fixed bug #67917 (Using GMP objects with overloaded operators can cause memory exhaustion).
  • Fixed bug #50175 (gmp_init() results 0 on given base and number starting with 0x or 0b).
  • Implemented gmp_import() and gmp_export().
  • MySQLi:
  • Fixed bug #67839 (mysqli does not handle 4-byte floats correctly).
  • OpenSSL:
  • Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
  • phpdbg:
  • Fixed issue krakjoe/phpdbg#111 (compile error without ZEND_SIGNALS).
  • SOAP:
  • Fixed bug #67955 (SoapClient prepends 0-byte to cookie names).
  • Session:
  • Fixed bug #67972 (SessionHandler Invalid memory read create_sid()).
  • Sysvsem:
  • Implemented FR #67990 (Add optional nowait argument to sem_acquire).

New in version 5.5.16 (August 27th, 2014)

  • COM:
  • Fixed missing type checks in com_event_sink.
  • Core:
  • Fixed bug #67693 (incorrect push to the empty array).
  • Fileinfo:
  • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538).
  • Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)).
  • FPM:
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config).
  • GD:
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497).
  • Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120).
  • Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly).
  • Network:
  • Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597).
  • OpenSSL:
  • Fixed missing type checks in OpenSSL options.
  • readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
  • Sessions:
  • Fixed missing type checks in php_session_create_id.
  • ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields).

New in version 5.6.0 Alpha 2 (February 17th, 2014)

  • Peer certificates are now verified by default when connecting to SSL/TLS servers
  • An exponentiation operator has been added: **
  • Output encoding handling has been simplified by using default_charset as the default character encoding

New in version 5.6.0 Alpha 1 (January 25th, 2014)

  • constant scalar expressions,
  • variadic functions,
  • argument unpacking,
  • support for large(>2GiB) file uploads,
  • SSL/TLS improvements,
  • a new command line debugger called phpdbg.

New in version 5.5.8 (January 10th, 2014)

  • Core:
  • Disallowed JMP into a finally block.
  • Added validation of class names in the autoload process.
  • Fixed invalid C code in zend_strtod.c.
  • Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
  • Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO).
  • Fixed bug #61645 (fopen and O_NONBLOCK).
  • Fixed bug #66218 (zend_register_functions breaks reflection).
  • Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval).
  • Fixed bug #65768 (DateTimeImmutable::diff does not work).
  • DOM:
  • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
  • Exif:
  • Fixed bug #65873 (Integer overflow in exif_read_data()).
  • Filter:
  • Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer).
  • GD:
  • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
  • PDO_odbc:
  • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
  • MySQLi:
  • Fixed bug #65486 (mysqli_poll() is broken on win x64).
  • OPCache:
  • Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
  • Fixed Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq".
  • SNMP:
  • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
  • SOAP:
  • Fixed bug #66112 (Use after free condition in SOAP extension).
  • Sockets:
  • Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined).
  • XSL:
  • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
  • ZIP:
  • Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).

New in version 5.5.7 (December 12th, 2013)

  • CLI server:
  • Added some MIME types to the CLI web server (Chris Jones)
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) also implements apache_response_headers() (Andrea Faulds)
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)
  • OPCache:
  • Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  • Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)
  • OpenSSL:
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
  • readline:
  • Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

New in version 5.5.7 RC1 (November 29th, 2013)

  • CLI server:
  • Added some MIME types to the CLI web server (Chris Jones)
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) also implements apache_response_headers() (Andrea Faulds)
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)
  • OPCache:
  • Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  • Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)
  • readline:
  • Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

New in version 5.5.6 (November 14th, 2013)

  • Core:
  • Improved performance of array_merge() and func_get_args() by eliminating useless copying.
  • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • Fixed bug #65939 (Space before ";" breaks php.ini parsing).
  • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • Fixed bug #65936 (dangling context pointer causes crash).
  • FPM:
  • Changed default listen() backlog to 65535.
  • MySQLi:
  • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
  • OPCache:
  • Increased limit for opcache.max_accelerated_files to 1,000,000.
  • Fixed issue #115 (path issue when using phar).
  • Fixed issue #149 (Phar mount points not working with OPcache enabled).
  • ODBC:
  • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
  • PDO:
  • Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception).
  • Fixed bug #65946 (sql_parser permanently converts values bound to strings).
  • Standard:
  • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).