The release candidate for PHP 8.4.13 has been officially announced, representing a significant update aimed at addressing numerous bugs and security vulnerabilities within the PHP ecosystem. This release fixes over 20 issues spanning various components, including core functionalities, CLI, date handling, DOM, FPM, and more. Noteworthy improvements include the resolution of memory leaks, potential use-after-free errors, integer overflow problems, and enhancements to error messaging and handling mechanics.
Core Fixes:
- Resolved a "Constant already defined" warning triggered by repeated file inclusion with `__halt_compiler()`.
- Fixed signed integer overflow issues during the scanning of string literals exceeding 2GB.
- Adjusted garbage collection to accurately treat `ZEND_WEAKREF_TAG_MAP` references as WeakMap references.
- Addressed issues with stale array iterator pointers and compatibility with bash 5.3.0.
CLI Improvements:
- Enhanced error messaging for IPv6 address listening errors.
Date Handling Enhancements:
- Corrected functionality for `date_sunrise()` and `date_sunset()` to work with partial-hour UTC offsets.
DBA, DOM, and FPM Fixes:
- Resolved a bug in DBA stream resource management.
- Mitigated a libxml2 tree dictionary issue.
- Prevented debug assertion failures in PHP administrator value settings.
Internationalization and Opcache Updates:
- Fixed locale string canonicalization for `IntlDateFormatter` and `NumberFormatter`.
- Resolved JIT variable storage issues before yielding in Opcache.
OpenSSL and PGSQL Improvements:
- Corrected success error messages related to TLS stream accept failures.
- Fixed potential use-after-free issues with persistent PGSQL connections.
Phar Updates:
- Resolved multiple memory leaks in Phar, particularly concerning OpenSSL signature verification and temporary file handling.
- Fixed metadata leaks and use-after-free issues during Phar decompression.
Standard and Stream Fixes:
- Addressed use-after-free errors in `array_splice()` and avoided integer overflow issues with `LimitIterator`.
- Removed incorrect calls to `zval_ptr_dtor()` in user_wrapper_metadata().
OSS-Fuzz Updates:
- Fixed a bug reported by OSS-Fuzz, enhancing overall stability and security.
Developers interested in the latest updates can download PHP 8.4.13 RC1 from the official GitHub page. This release is crucial for improving the performance and security of PHP applications, making it an important update for developers and administrators alike.
As the PHP community continues to evolve, the ongoing improvements and bug fixes in releases like 8.4.13 RC1 are pivotal in ensuring robust performance and security standards in web applications built on this popular server-side scripting language. Future updates may also focus on additional features and addressing remaining issues, further solidifying PHP's position in the development ecosystem
Key Highlights of PHP 8.4.13 RC1
Core Fixes:
- Resolved a "Constant already defined" warning triggered by repeated file inclusion with `__halt_compiler()`.
- Fixed signed integer overflow issues during the scanning of string literals exceeding 2GB.
- Adjusted garbage collection to accurately treat `ZEND_WEAKREF_TAG_MAP` references as WeakMap references.
- Addressed issues with stale array iterator pointers and compatibility with bash 5.3.0.
CLI Improvements:
- Enhanced error messaging for IPv6 address listening errors.
Date Handling Enhancements:
- Corrected functionality for `date_sunrise()` and `date_sunset()` to work with partial-hour UTC offsets.
DBA, DOM, and FPM Fixes:
- Resolved a bug in DBA stream resource management.
- Mitigated a libxml2 tree dictionary issue.
- Prevented debug assertion failures in PHP administrator value settings.
Internationalization and Opcache Updates:
- Fixed locale string canonicalization for `IntlDateFormatter` and `NumberFormatter`.
- Resolved JIT variable storage issues before yielding in Opcache.
OpenSSL and PGSQL Improvements:
- Corrected success error messages related to TLS stream accept failures.
- Fixed potential use-after-free issues with persistent PGSQL connections.
Phar Updates:
- Resolved multiple memory leaks in Phar, particularly concerning OpenSSL signature verification and temporary file handling.
- Fixed metadata leaks and use-after-free issues during Phar decompression.
Standard and Stream Fixes:
- Addressed use-after-free errors in `array_splice()` and avoided integer overflow issues with `LimitIterator`.
- Removed incorrect calls to `zval_ptr_dtor()` in user_wrapper_metadata().
OSS-Fuzz Updates:
- Fixed a bug reported by OSS-Fuzz, enhancing overall stability and security.
Developers interested in the latest updates can download PHP 8.4.13 RC1 from the official GitHub page. This release is crucial for improving the performance and security of PHP applications, making it an important update for developers and administrators alike.
As the PHP community continues to evolve, the ongoing improvements and bug fixes in releases like 8.4.13 RC1 are pivotal in ensuring robust performance and security standards in web applications built on this popular server-side scripting language. Future updates may also focus on additional features and addressing remaining issues, further solidifying PHP's position in the development ecosystem
PHP 8.4.13 RC1 released
The release candidate for PHP 8.4.13 has been announced, which addresses numerous bugs and security vulnerabilities across various components of the PHP ecosystem. The update fixes over 20 issues, including core, CLI, date, DBA, DOM, FPM, Intl, Opcache, OpenSSL, PGSQL, Phar, and Streams-related problems. Key fixes include resolving memory leaks, potential use-after-free errors, and integer overflow issues, as well as improving error messages and handling for various scenarios.
