PHP 5.4.15 / 5.5.0 Beta 3 - Changelog

What's new in PHP 5.5.0 Beta 1:

March 22nd, 2013

Core:
· Added Zend Opcache extension and enable building it by default. More details here: https://wiki.php.net/rfc/optimizerplus. (Dmitry)
· Added array_column function which returns a column in a multidimensional array. https://wiki.php.net/rfc/array_column. (Ben Ramsey)
· Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail). (Laruence)
· Added support for changing the process's title in CLI/CLI-Server SAPIs. The implementation is more robust that the proctitle PECL module. More details here: https://wiki.php.net/rfc/cli_process_title. (Keyur)
· Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). (Anatol)
· Added support for non-scalar Iterator keys in foreach (https://wiki.php.net/rfc/foreach-non-scalar-keys). (Nikita Popov)

mysqlnd:
· Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind). (Andrey)

DateTime:
· Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)
· Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)

SPL:
· Implement FR #48358 (Add SplDoublyLinkedList::add() to insert an element at a given offset). (Mark Baker, David Soria Parra)

Zip:
· Bug #64452 (Zip crash intermittently). (Anatol)

What's new in PHP 5.5.0 Alpha 4:

January 24th, 2013

Core:
· Fixed bug #63980 (object members get trimmed by zero bytes). (Laruence)
· Implemented RFC for Class Name Resolution As Scalar Via "class" Keyword. (Ralph Schindler, Nikita Popov, Lars)

· DateTime
· Added DateTimeImmutable a variant of DateTime that only returns the modified state instead of changing itself. (Derick)

FPM:
· Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)

pgsql:
· Bug #46408: Locale number format settings can cause pg_query_params to break with numerics. (asmecher, Lars)

dba:
· Bug #62489: dba_insert not working as expected. (marc-bennewitz at arcor dot de, Lars)

Reflection:
· Fixed bug #64007 (There is an ability to create instance of Generator by hand). (Laruence)

What's new in PHP 5.4.10:

December 20th, 2012

Core:
· Fixed bug #63635 (Segfault in gc_collect_cycles)(Dmitry)
· Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value)(Pierrick)
· Fixed bug #63468 (wrong called method as callback with inheritance)(Laruence)
· Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created)(kemcline at au1 dot ibm dot com)
· Fixed bug #61557 (Crasher in tt-rss backend.php)(i dot am dot jack dot mail at gmail dot com)
· Fixed bug #61272 (ob_start callback gets passed empty string)(Mike, casper at langemeijer dot eu)

Date:
· Fixed bug #63666 (Poor date() performance)(Paul Talborg).
· Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond)(Remi)

Imap:
· Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array)(Remi)

Json:
· Fixed bug #63588 (use php_next_utf8_char and remove duplicate implementation)(Remi)

MySQLi:
· Fixed bug #63361 (missing header)(Remi)

MySQLnd:
· Fixed bug #63398 (Segfault when polling closed link)(Laruence)

Fileinfo:
· Fixed bug #63590 (Different results in TS and NTS under Windows)(Anatoliy)

FPM:
· Fixed bug #63581 Possible null dereference and buffer overflow (Remi)

Pdo_sqlite:
· Fixed Bug #63149 getColumnMeta should return the table name when system SQLite used(Remi)

Apache2 Handler SAPI:
· Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)

Reflection:
· Fixed Bug #63614 (Fatal error on Reflection)(Laruence)

SOAP:
· Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests)(John Jawed, Dmitry)

Sockets:
· Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option())(Igor Wiedler, Lars)

What's new in PHP 5.4.9:

November 23rd, 2012

· These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.

What's new in PHP 5.4.8:

October 19th, 2012

· Fixed bug #63111 (is_callable() lies for abstract static method)
· Fixed bug #61442 (exception threw in __autoload can not be catched

What's new in PHP 5.4.5:

July 20th, 2012

Core:
· Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
· Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
· Fixed bug #62373 (serialize() generates wrong reference to the object).
· Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp)
· Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
· Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
· Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)

EXIF:
· Fixed information leak in ext exi

FPM:
· Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
· Fixed bug #62160 (Add process.priority to set nice(2) priorities)
· Fixed bug #62153 (when using unix sockets, multiples FPM instances)
· Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
· Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
· Fixed bug #61835 (php-fpm is not allowed to run as root)
· Fixed bug #61295 (php-fpm should not fail with commented 'user'
· Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
· Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start)
· Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors)

Iconv:
· Fixed bug #55042 (Erealloc in iconv.c unsafe)

Intl:
· Fixed bug #62083 (grapheme_extract() memory leaks)
· Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
· Fixed bug #62070 (Collator::getSortKey() returns garbage)
· Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
· Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
· ResourceBundle constructor now accepts NULL for the first two arguments

JSON:
· Fixed bug #61359 (json_encode() calls too many reallocs)

libxml:
· Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)

Phar:
· Fixed bug #62227 (Invalid phar stream path causes crash)

Readline:
· Fixed bug #62186 (readline fails to compile - void function should not return a value)

Reflection:
· Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
· Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

Sockets:
· Fixed bug #62025 (__ss_family was changed on AIX 5.3)

SPL:
· Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
· Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

XML Writer:
· Fixed bug #62064 (memory leak in the XML Writer module)

Zip:
· Upgraded libzip to 0.10.

What's new in PHP 5.4.4:

June 15th, 2012

· The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension

· PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI

What's new in PHP 5.4.0:

March 2nd, 2012

· Some of the key new features include: traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs.

What's new in PHP 5.3.10:

February 3rd, 2012

· Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

What's new in PHP 5.4 RC5:

January 8th, 2012

Core:
· Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
· Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
· Fixed bug #55871 (Interruption in substr_replace()). (Stas)
· Fixed bug #60627 (httpd.worker segfault on startup with php_value). (Laruence)

SAPI:
· Fixed bug #55500 (Corrupted $_FILES indices lead to security concern). (Stas)
· Fixed bug #54374 (Insufficient validating of upload name leading to
· corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)

CLI SAPI:
· Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)

Intl:
· Fixed build on Fedora 15 / Ubuntu 11. (Hannes)

PHP-FPM SAPI:
· Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat)
· Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org)

Improved Session extension:
· Fixed bug #60640 (invalid return values). (Arpad)
· Implement

What's new in PHP 5.4 RC4:

December 28th, 2011

· Added max_input_vars directive to prevent attacks based on hash collisions
· Fixed a segfault in the traits code

What's new in PHP 5.3.3:

July 23rd, 2010

Security Enhancements and Fixes in PHP 5.3.3:

· Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
· Fixed a possible resource destruction issues in shm_put_var().
· Fixed a possible information leak because of interruption of XOR operator.
· Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
· Fixed a possible memory corruption in ArrayObject::uasort().
· Fixed a possible memory corruption in parse_str().
· Fixed a possible memory corruption in pack().
· Fixed a possible memory corruption in substr_replace().
· Fixed a possible memory corruption in addcslashes().
· Fixed a possible stack exhaustion inside fnmatch().
· Fixed a possible dechunking filter buffer overflow.
· Fixed a possible arbitrary memory access inside sqlite extension.
· Fixed string format validation inside phar extension.
· Fixed handling of session variable serialization on certain prefix characters.
· Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
· Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
· Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
· Fixed possible buffer overflows when handling error packets in mysqlnd.

Key enhancements in PHP 5.3.3 include:

· Upgraded bundled sqlite to version 3.6.23.1.
· Upgraded bundled PCRE to version 8.02.
· Added FastCGI Process Manager (FPM) SAPI.
· Added stream filter support to mcrypt extension.
· Added full_special_chars filter to ext/filter.
· Fixed a possible crash because of recursive GC invocation.
· Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
· Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
· Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
· Fixed bug #52001 (Memory allocation problems after using variable variables).
· Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
· Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).

What's new in PHP 5.3.2:

March 5th, 2010

Security Enhancements and Fixes in PHP 5.3.2:

· Improved LCG entropy. (Rasmus, Samy Kamkar)
· Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
· Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

Key Bug Fixes in PHP 5.3.2 include:

· Added support for SHA-256 and SHA-512 to php's crypt.
· Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
· Fixed bug #51059 (crypt crashes when invalid salt are given).
· Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
· Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
· Fixed bug #50723 (Bug in garbage collector causes crash).
· Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
· Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
· Fixed bug #50540 (Crash while running ldap_next_reference test cases).
· Fixed bug #49851 (http wrapper breaks on 1024 char long headers).

What's new in PHP 5.3.2 RC1:

December 23rd, 2009

· Upgraded bundled sqlite to version 3.6.21. (Ilia)
· Upgraded bundled PCRE to version 8.00. (Scott)
· Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283 (David Soria Parra)
· Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
· Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
· Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
· Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
· Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
· Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. (Stas)
· Added LIBXML_PARSEHUGE constant to override the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
· Added ReflectionMethod::setAccessible() for invoking non-public methods through the Reflection API. (Sebastian)
· Added Collator::getSortKey for intl extension. (Stas)
· Added support for CURLOPT_POSTREDIR. FR #49571. (Sriram Natarajan)
· Added support for CURLOPT_CERTINFO. FR #49253. (Linus Nielsen Feltzing )
· Added client-side server name indication support in openssl. (Arnaud)
· Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)
· Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
· Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
· Fixed error_log() to be binary safe when using message_type 3. (Jani)
· Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
· Fixed memory leak in extension loading when an error occurs on Windows. (Pierre)
· Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram)
· Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani)
· Fixed bug #50496 (Use of is valid only in a c99 compilation environment. (Sriram)
· Fixed bug #50464 (declare encoding doesn't work within an included file). (Felipe)
· Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
· Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
· Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
· Fixed bug #50351 (performance regression handling objects, ten times slower in 5.3 than in 5.2). (Dmitry)
· Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u' format character). (Ilia)
· Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)
· Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
· Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
· Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
· Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
· Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)
· Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
· Fixed bug #50266 (conflicting types for llabs). (Jani)
· Fixed bug #50261 (Crash When Calling Parent Constructor with call_user_func()). (Dmitry)
· Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)
· Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used if it is empty). (foutrelis at gmail dot com, Ilia)
· Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when mysqlnd is enabled). (Jani)
· Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)
· Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT). (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
· Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
· Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
· Fixed bug #50196 (stream_copy_to_stream() produces warning when source is not file). (Stas)
· Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
· Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
· Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
· Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to non-existant file). (Dmitry)
· Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
· Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
· Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
· Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not property_exists). (Felipe)
· Fixed bug #50146 (property_exists: Closure object cannot have properties). (Felipe)
· Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
· Fixed bug #50140 (With default compilation option, php symbols are unresolved for nsapi). (Uwe Schindler)
· Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
· Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
· Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
· Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
· Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani)
· Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
· Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
· Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()). (Pierrick)
· Fixed bug #49921 (Curl post upload functions changed). (Ilia)
· Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
· Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
· Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). (Ilia)
· Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl)
· Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
· Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables). (Jani)
· Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
· Fixed bug #49647 (DOMUserData does not exist). (Rob)
· Fixed bug #49521 (PDO fetchObject sets values before calling constructor). (Pierrick)
· Fixed bug #49472 (Constants defined in Interfaces can be overridden). (Felipe)
· Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
· Fixed bug #49224 (Compile error due to old DNS functions on AIX systems). (Scott)
· Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
· Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
· Fixed bug #46478 (htmlentities() uses obsolete mapping table for character entity references). (Moriyoshi)
· Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
· Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)
· Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)

What's new in PHP 5.2.8:

December 9th, 2008

· The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 inregard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.