PHP 8.5.7 RC2 has been released, introducing essential stability and security patches that enhance server reliability and backend routing functionality. The update addresses multiple issues, including critical tracing JIT crashes in Opcache, memory corruption bugs in the DOM extension, and two URI parsing vulnerabilities linked to CVE identifiers. Administrators are advised to thoroughly review these fixes against their workloads before the final release, particularly due to the new OpenSSL 4.0 compatibility and standard library adjustments. Additionally, the update includes improvements to the CLI getopt function and a fix for integer overflow in the date extension, emphasizing the importance of testing before deploying to production environments
PHP 8.5.7 RC2 released
PHP 8.5.7 RC2 delivers critical stability and security patches that directly impact server reliability and backend routing logic. The update resolves multiple tracing JIT crashes in Opcache that typically cause worker process drops during high traffic or interrupt conditions. It also closes two URI parsing vulnerabilities tied to CVE identifiers alongside a DOM extension use after free bug that could leak or corrupt heap memory. Administrators should verify these fixes against their actual workloads before the final release, especially given the new OpenSSL 4.0 compatibility and standard library corrections.
