PHP 7 ChangeLog

2018 年 7 月 2 日3450

PHP 7 ChangeLog

Version 7.1.19

CLI Server:

Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters).

OpenSSL:

Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).

Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).

SPL:

Fixed bug #76367 (NoRewindIterator segfault 11).

Standard:

Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).

Fixed bug #76383 (array_map on $GLOBALS returns IS_INDIRECT).

Version 7.2.7

Core:

Fixed bug #76337 (segfault when opcache enabled + extension use zend_register_class_alias).

CLI Server:

Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters).

OpenSSL:

Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).

Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).

SPL:

Fixed bug #76367 (NoRewindIterator segfault 11).

Standard:

Fixed bug #76410 (SIGV in zend_mm_alloc_small).

Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).

Version 7.1.18

FPM:

Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.

intl:

Fixed bug #74385 (Locale::parseLocale() broken with some arguments).

Opcache:

Reflection:

Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).

Version 7.2.6

EXIF:

Fixed bug #76164 (exif_read_data zend_mm_heap corrupted).

FPM:

Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.

intl:

Fixed bug #74385 (Locale::parseLocale() broken with some arguments).

Opcache:

Reflection:

Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).

Session:

Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").

Version 7.2.5

Core:

Fixed bug #75722 (Convert valgrind detection to configure option).

Date:

Fixed bug #76131 (mismatch arginfo for date_create).

Exif:

Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)

FPM:

Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).

Fixed incorrect write to getenv result in FPM reload.

GD:

Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).

iconv:

Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)

intl:

Fixed bug #76153 (Intl compilation fails with icu4c 61.1).

ldap:

Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)

mbstring:

Fixed bug #75944 (Wrong cp1251 detection).

Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).

ODBC:

Fixed bug #76088 (ODBC functions are not available by default on Windows).

Opcache:

Fixed bug #76094 (Access violation when using opcache).

Phar:

Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)

phpdbg:

Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).

SPL:

Fixed bug #76131 (mismatch arginfo for splarray constructor).

standard:

Fixed bug #74139 (mail.add_x_header default inconsistent with docs).

Fixed bug #75996 (incorrect url in header for mt_rand).

Version 7.1.17

Date:

Fixed bug #76131 (mismatch arginfo for date_create).

Exif:

Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)

FPM:

Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).

Fixed incorrect write to getenv result in FPM reload.

GD:

Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).

iconv:

Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)

intl:

Fixed bug #76153 (Intl compilation fails with icu4c 61.1).

ldap:

Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)

mbstring:

Fixed bug #75944 (Wrong cp1251 detection).

Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).

Phar:

Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)

phpdbg:

Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).

SPL:

Fixed bug #76131 (mismatch arginfo for splarray constructor).

standard:

Fixed bug #75996 (incorrect url in header for mt_rand).

Version 7.0.30

Exif:

Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)

iconv:

Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)

LDAP:

Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)

Phar:

Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)

Version 7.2.4

Core:

Fixed bug #76025 (Segfault while throwing exception in error_handler).

Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).

FPM:

Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)

FTP:

Fixed ftp_pasv arginfo.

GD:

iconv:

Fixed bug #75867 (Freeing uninitialized pointer).

Mbstring:

Fixed bug #62545 (wrong unicode mapping in some charsets).

Opcache:

Fixed bug #75969 (Assertion failure in live range DCE due to block pass misoptimization).

OpenSSL:

Fixed openssl_* arginfos.

PCNTL:

Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)).

Phar:

Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n).

Standard:

Version 7.1.16

Core:

Fixed bug #76025 (Segfault while throwing exception in error_handler).

Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).

FPM:

Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)

GD:

Fixed bug #73957 (signed integer conversion in imagescale()).

ODBC:

Fixed bug #76088 (ODBC functions are not available by default on Windows).

Opcache:

Fixed bug #76074 (opcache corrupts variable in for-loop).

Phar:

Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n).

Standard:

Fixed bug #74139 (mail.add_x_header default inconsistent with docs).

Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).

Version 7.0.29

FPM:

Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)

Version 7.2.3

Core:

Fixed bug #75864 ("stream_isatty" returns wrong value on s390x).

Apache2Handler:

Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration).

Date:

LDAP:

Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).

libxml2:

Fixed bug #75871 (use pkg-config where available).

PGSQL:

Fixed bug #75838 (Memory leak in pg_escape_bytea()).

Phar:

ODBC:

Fixed bug #73725 (Unable to retrieve value of varchar(max) type).

Opcache:

SPL:

Fixed bug #74519 (strange behavior of AppendIterator).

Standard:

Fixed bug #75916 (DNS_CAA record results contain garbage).

Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)

Version 7.1.15

Apache2Handler:

Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration).

Date:

PGSQL:

Fixed #75838 (Memory leak in pg_escape_bytea()).

ODBC:

Fixed bug #73725 (Unable to retrieve value of varchar(max) type).

LDAP:

Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).

libxml2:

Fixed bug #75871 (use pkg-config where available).

Phar:

Fixed bug #65414 (deal with leading slash when adding files correctly).

SPL:

Fixed bug #74519 (strange behavior of AppendIterator).

Standard:

Fixed bug #75916 (DNS_CAA record results contain garbage).

Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)

Version 7.0.28

Standard:

Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)

Version 7.2.2

Core:

FCGI:

Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).

IMAP:

Fixed bug #75774 (imap_append HeapCorruction).

Opcache:

PDO:

Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin).

PDO MySQL:

Fixed bug #75615 (PDO Mysql module can't be built as module).

PGSQL:

Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).

Readline:

Fixed bug #75775 (readline_read_history segfaults with empty file).

SAPI:

Fixed bug #75735 ( Segmentation fault in sapi_register_post_entry).

SOAP:

Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).

Fixed bug #75502 (Segmentation fault in zend_string_release).

SPL:

Standard:

Fixed bug #75781 (substr_count incorrect result).

Fixed bug #75653 (array_values don't work on empty array).

Zip:

Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1).

Version 7.1.14

Core:

FCGI:

Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).

IMAP:

Fixed bug #75774 (imap_append HeapCorruction).

Opcache:

Fixed bug #75720 (File cache not populated after SHM runs full).

Fixed bug #75579 (Interned strings buffer overflow may cause crash).

PGSQL:

Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).

Readline:

Fixed bug #75775 (readline_read_history segfaults with empty file).

SAPI:

Fixed bug #75735 ( Segmentation fault in sapi_register_post_entry).

SOAP:

Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).

Fixed bug #75502 (Segmentation fault in zend_string_release).

SPL:

Standard:

Fixed bug #75781 (substr_count incorrect result).

Version 7.2.1

Core:

CLI server:

Fixed bug #73830 (Directory does not exist).

FPM:

Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).

GD:

Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)

Opcache:

PCRE:

Fixed bug #74183 (preg_last_error not returning error code after error).

Phar:

Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)

Standard:

Zip:

Fixed bug #75540 (Segfault with libzip 1.3.1).

Version 7.1.13

Core:

CLI Server:

Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).

Fixed bug #73830 (Directory does not exist).

FPM:

Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).

GD:

Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)

Opcache:

PCRE:

Fixed bug #74183 (preg_last_error not returning error code after error).

Phar:

Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)

Standard:

Zip:

Fixed bug #75540 (Segfault with libzip 1.3.1).

Version 7.0.27

CLI Server:

Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).

Core:

Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).

Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).

FPM:

Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).

GD:

Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)

Opcache:

Fixed bug #75579 (Interned strings buffer overflow may cause crash).

PCRE:

Fixed bug #74183 (preg_last_error not returning error code after error).

Phar:

Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)

Standard:

Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).

Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).

Zip:

Fixed bug #75540 (Segfault with libzip 1.3.1).

Version 7.2.0

BCMath:

Fixed bug #46564 (bcmod truncates fractionals).

CLI:

Fixed bug #74849 (Process is started as interactive shell in PhpStorm).

Fixed bug #74979 (Interactive shell opening instead of script execution with -f flag).

CLI server:

Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).

Core:

cURL:

Fixed bug #75093 (OpenSSL support not detected).

Better fix for #74125 (use pkg-config instead of curl-config).

Date:

Dba:

Fixed bug #72885 (flatfile: dba_fetch() fails to read replaced entry).

DOM:

Implemented FR #74837 (Implement Countable for DomNodeList and DOMNamedNodeMap).

EXIF:

Fileinfo:

Upgrade bundled libmagic to 5.31.

FPM:

Configuration to limit fpm slow log trace callers.

Fixed bug #75212 (php_value acts like php_admin_value).

FTP:

Implement MLSD for structured listing of directories.

Added ftp_append() function.

GD:

GMP:

Fixed bug #70896 (gmp_fact() silently ignores non-integer input).

Hash:

IMAP:

Fixed bug #72324 (imap_mailboxmsginfo() return wrong size).

Intl:

Fixed bug #63790 (test using Spoofchecker which may be unavailable).

Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change $position argument).

JSON:

LDAP:

Mbstring:

Mcrypt:

The deprecated mcrypt extension has been moved to PECL.

Opcache:

OpenSSL:

PCRE:

phar:

Fixed bug #74196 (phar does not correctly handle names containing dots).

PDO:

Add "Sent SQL" to debug dump for emulated prepares.

Add parameter types for national character set strings.

PDO_DBlib:

PDO_OCI:

Fixed bug #74537 (Align --with-pdo-oci configure option with --with-oci8 syntax).

PDO_Sqlite:

Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)

PHPDBG:

Added extended_value to opcode dump output.

Session:

Sodium:

New cryptographic extension

Added missing bindings for libsodium > 1.0.13.

SPL:

Fixed bug #71412 (Incorrect arginfo for ArrayIterator::__construct).

Added spl_object_id().

SQLite3:

Implement writing to blobs.

Update to Sqlite 3.20.1.

Standard:

Streams:

Default ssl/single_dh_use and ssl/honor_cipher_order to true.

XML:

Moved utf8_encode() and utf8_decode() to the Standard extension.

XMLRPC:

Use Zend MM for allocation in bundled libxmlrpc (Joe)

ZIP:

zlib:

Expose inflate_get_status() and inflate_get_read_len() functions.

Version 7.1.12

Core:

Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).

Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).

CLI:

Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).

Enchant:

Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).

Fixed bug #75365 (Enchant still reports version 1.1.0).

Exif:

Fixed bug #75301 (Exif extension has built in revision version).

GD:

Fixed bug #65148 (imagerotate may alter image dimensions).

Fixed bug #75437 (Wrong reflection on imagewebp).

intl:

Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).

interbase:

Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).

Mysqli:

Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).

OCI8:

Fixed valgrind issue.

OpenSSL:

Fixed bug #75363 (openssl_x509_parse leaks memory).

Fixed bug #75307 (Wrong reflection for openssl_open function).

Opcache:

Fixed bug #75373 (Warning Internal error: wrong size calculation).

PGSQL:

Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).

SOAP:

Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).

Zlib:

Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).

Version 7.0.26

Core:

Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).

Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).

CLI:

Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).

Enchant:

Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).

Fixed bug #75365 (Enchant still reports version 1.1.0).

Exif:

Fixed bug #75301 (Exif extension has built in revision version).

GD:

Fixed bug #65148 (imagerotate may alter image dimensions).

Fixed bug #75437 (Wrong reflection on imagewebp).

intl:

Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).

interbase:

Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).

Mysqli:

Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).

OCI8:

Fixed valgrind issue.

Opcache:

Fixed bug #75373 (Warning Internal error: wrong size calculation).

OpenSSL:

Fixed bug #75363 (openssl_x509_parse leaks memory).

Fixed bug #75307 (Wrong reflection for openssl_open function).

PGSQL:

Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).

SOAP:

Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).

Zlib:

Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).

Version 7.1.11

Core:

Date:

Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)

Apache2Handler:

Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).

Hash:

Fixed bug #75303 (sha3 hangs on bigendian).

Intl:

Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional).

litespeed:

Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).

Fixed bug #75251 (Missing program prefix and suffix).

mcrypt:

Fixed bug #72535 (arcfour encryption stream filter crashes php).

MySQLi:

Fixed bug #75018 (Data corruption when reading fields of bit type).

OCI8:

Fixed incorrect reference counting.

Opcache:

Fixed bug #75255 (Request hangs and not finish).

PCRE:

Fixed bug #75207 (applied upstream patch for CVE-2016-1283).

PDO_mysql:

Fixed bug #75177 (Type 'bit' is fetched as unexpected string).

SPL:

Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).

Version 7.0.25

Core:

Apache2Handler:

Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).

Date:

Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)

Intl:

Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional).

mcrypt:

Fixed bug #72535 (arcfour encryption stream filter crashes php).

OCI8:

Fixed incorrect reference counting.

PCRE:

Fixed bug #75207 (applied upstream patch for CVE-2016-1283).

litespeed:

Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).

Fixed bug #75251 (Missing program prefix and suffix).

SPL:

Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).

Version 7.1.10

Core:

Fixed bug #75042 (run-tests.php issues with EXTENSION block).

BCMath:

CLI server:

Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets).

CURL:

Fixed bug #75093 (OpenSSL support not detected).

GD:

Fixed bug #75124 (gdImageGrayScale() may produce colors).

Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?).

Gettext:

Fixed bug #73730 (textdomain(null) throws in strict mode).

Intl:

Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class).

Fixed bug #75193 (segfault in collator_convert_object_to_string).

PDO_OCI:

Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).

SPL:

Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator).

Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).

Standard:

Fixed bug #75152 (signed integer overflow in parse_iv).

Fixed bug #75097 (gethostname fails if your host name is 64 chars long).

Version 7.0.24

Core:

Fixed bug #75042 (run-tests.php issues with EXTENSION block).

BCMath:

CLI server:

Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets).

CURL:

Fixed bug #75093 (OpenSSL support not detected).

GD:

Fixed bug #75124 (gdImageGrayScale() may produce colors).

Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?).

Gettext:

Fixed bug #73730 (textdomain(null) throws in strict mode).

Intl:

Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class).

PDO_OCI:

Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).

SPL:

Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).

Standard:

Fixed bug #75097 (gethostname fails if your host name is 64 chars long).

Version 7.1.9

Core:

cURL:

Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).

Date:

Fixed bug#75002 (Null Pointer Dereference in timelib_time_clone).

Intl:

Fixed bug #74993 (Wrong reflection on some locale_* functions).

Mbstring:

MySQLi:

Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).

OCI8:

Expose oci_unregister_taf_callback() (Tianfang Yang)

Opcache:

Fixed bug #74980 (Narrowing occurred during type inference).

phar:

Fixed bug #74991 (include_path has a 4096 char limit in some cases).

Reflection:

Fixed bug #74949 (null pointer dereference in _function_string).

Session:

Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").

Fixed bug #74833 (SID constant created with wrong module number).

SimpleXML:

Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).

SPL:

Standard:

WDDX:

Fixed bug #73793 (WDDX uses wrong decimal seperator).

XMLRPC:

Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).

Version 7.0.23

Core:

cURL:

Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).

Date:

Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).

Intl:

Fixed bug #74993 (Wrong reflection on some locale_* functions).

Mbstring:

MySQLi:

Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).

OCI8:

Expose oci_unregister_taf_callback() (Tianfang Yang)

phar:

Fixed bug #74991 (include_path has a 4096 char limit in some cases).

Reflection:

Fixed bug #74949 (null pointer dereference in _function_string).

Session:

Fixed bug #74833 (SID constant created with wrong module number).

SimpleXML:

Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).

SPL:

Standard:

WDDX:

Fixed bug #73793 (WDDX uses wrong decimal seperator).

XMLRPC:

Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).

Version 7.1.8

Core:

Date:

Fixed bug #74852 (property_exists returns true on unknown DateInterval property).

OCI8:

Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).

Opcache:

Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier).

OpenSSL:

Fixed bug #74798 (pkcs7_en/decrypt does not work if \x0a is used in content).

Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug #71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362 (OpenSSL Blowfish encryption is incorrect for short keys).

PDO:

Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query).

SPL:

Fixed bug #73471 (PHP freezes with AppendIterator).

SQLite3:

Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags).

Wddx:

Fixed bug #73173 (huge memleak when wddx_unserialize).

Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)

zlib:

Fixed bug #73944 (dictionary option of inflate_init() does not work).

Version 7.0.22

Core:

Date:

Fixed bug #74852 (property_exists returns true on unknown DateInterval property).

OCI8:

Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).

Opcache:

Fixed bug #74840 (Opcache overwrites argument of GENERATOR_RETURN within finally).

PDO:

Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query).

SPL:

Fixed bug #73471 (PHP freezes with AppendIterator).

SQLite3:

Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags).

Wddx:

Fixed bug #73173 (huge memleak when wddx_unserialize).

Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)

zlib:

Fixed bug #73944 (dictionary option of inflate_init() does not work).

Version 7.1.7

Core:

Date:

Fixed bug #74639 (implement clone for DatePeriod and DateInterval).

DOM:

Fixed bug #69373 (References to deleted XPath query results).

GD:

Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)

Intl:

Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)

Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key).

Mbstring:

Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

OCI8:

Add TAF callback (PR #2459).

Opcache:

Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp).

Revert opcache.enable_cli to default disabled.

OpenSSL:

Fixed bug #74720 (pkcs7_en/decrypt does not work if \x1a is used in content).

Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)

PDO_OCI:

Support Instant Client 12.2 in --with-pdo-oci configure option.

Reflection:

Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant).

SPL:

Fixed bug #74478 (null coalescing operator failing with SplFixedArray).

FTP:

Fixed bug #74598 (ftp:// wrapper ignores context arg).

PHAR:

Fixed bug #74386 (Phar::__construct reflection incorrect).

SOAP:

Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).

Streams:

Fixed bug #74556 (stream_socket_get_name() returns '\0').

Version 7.0.21

Core:

DOM:

Fixed bug #69373 (References to deleted XPath query results).

GD:

Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)

Intl:

Mbstring:

Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

OCI8:

Add TAF callback (PR #2459).

Opcache:

Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp).

OpenSSL:

Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)

PCRE:

Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).

PDO_OCI:

Support Instant Client 12.2 in --with-pdo-oci configure option.

Reflection:

Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant).

SPL:

Fixed bug #74478 (null coalescing operator failing with SplFixedArray).

Standard:

Fixed bug #74708 (Invalid Reflection signatures for random_bytes and random_int).

Fixed bug #73648 (Heap buffer overflow in substr).

FTP:

Fixed bug #74598 (ftp:// wrapper ignores context arg).

PHAR:

Fixed bug #74386 (Phar::__construct reflection incorrect).

SOAP:

Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).

Streams:

Fixed bug #74556 (stream_socket_get_name() returns '\0').

Version 7.1.6

Core:

intl:

Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).

MySQLi:

Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).

Opcache:

Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).

phar:

Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).

Readline:

Fixed bug #74490 (readline() moves the cursor to the beginning of the line).

Standard:

Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).

xmlreader:

Fixed bug #74457 (Wrong reflection on XMLReader::expand).

Version 7.0.20

Core:

Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i).

Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).

intl:

Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).

MySQLi:

Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).

Opcache:

Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).

phar:

Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).

Standard:

Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).

xmlreader:

Fixed bug #74457 (Wrong reflection on XMLReader::expand).

Version 7.1.5

Core:

Date:

Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).

Fixed bug #74080 (add constant for RFC7231 format datetime).

DOM:

Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).

Fileinfo:

Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).

GD:

Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).

MySQLnd:

Fixed bug #74376 (Invalid free of persistent results on error/connection loss).

Intl:

Opcache:

OpenSSL:

phar:

Fixed bug #74383 (phar method parameters reflection correction).

Readline:

Fixed bug #74489 (readline() immediately returns false in interactive console mode).

Standard:

Fixed bug #72071 (setcookie allows max-age to be negative).

Fixed bug #74361 (Compaction in array_rand() violates COW).

Streams:

Fixed bug #74429 (Remote socket URI with unique persistence identifier broken).

Version 7.0.19

Core:

Date:

Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).

Fixed bug #74080 (add constant for RFC7231 format datetime).

DOM:

Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).

Fileinfo:

Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).

GD:

Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).

intl:

Fixed bug #74433 (wrong reflection for Normalizer methods).

Fixed bug #74439 (wrong reflection for Locale methods).

MySQLi:

Fixed bug #74432 (mysqli_connect adding ":3306" to $host if $port parameter not given).

MySQLnd:

Added support for MySQL 8.0 types.

Fixed bug #74376 (Invalid free of persistent results on error/connection loss).

OpenSSL:

phar:

Fixed bug #74383 (phar method parameters reflection correction).

Standard:

Fixed bug #74409 (Reflection information for ini_get_all() is incomplete).

Fixed bug #72071 (setcookie allows max-age to be negative).

Streams:

Fixed bug #74429 (Remote socket URI with unique persistence identifier broken).

SQLite3:

Fixed bug #74413 (incorrect reflection for SQLite3::enableExceptions).

Version 7.1.4

Core:

Apache:

Reverted patch for bug #61471, fixes bug #74318.

Date:

Fixed bug #72096 (Swatch time value incorrect for dates before 1970).

DOM:

Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).

iconv:

Fixed bug #74230 (iconv fails to fail on surrogates).

Opcache:

Fixed bug #74250 (OPcache compilation performance regression in PHP 5.6/7 with huge classes).

OpenSSL:

Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).

PDO MySQL:

Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).

SPL:

Fixed bug #74058 (ArrayObject can not notice changes).

SQLite:

Fixed bug #74217 (Allow creation of deterministic sqlite functions).

Streams:

Fixed bug #74216 (Correctly fail on invalid IP address ports).

zlib:

Fixed bug #74240 (deflate_add can allocate too much memory).

Version 7.0.18

Core:

Apache:

Reverted patch for bug #61471, fixes bug #74318.

Date:

Fixed bug #72096 (Swatch time value incorrect for dates before 1970).

DOM:

Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).

iconv:

Fixed bug #74230 (iconv fails to fail on surrogates).

OpenSSL:

Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).

PDO MySQL:

Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).

Streams:

Fixed bug #74216 (Correctly fail on invalid IP address ports).

Zlib:

Fixed bug #74240 (deflate_add can allocate too much memory).

Version 7.1.3

Core:

Apache:

Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).

Date:

Fixed bug #73837 ("new DateTime()" sometimes returns 1 second ago value).

FPM:

Fixed bug #69860 (php-fpm process accounting is broken with keepalive).

Hash:

Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence).

GD:

Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters).

Mysqlnd:

Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).

Opcache:

Fixed bug #74019 (Segfault with list).

OpenSSL:

Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).

Fixed bug #74099 (Memory leak with openssl_encrypt()).

Standard:

Streams:

Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).

Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).

Version 7.0.17

Core:

Apache:

Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).

Date:

FPM:

Fixed bug #69860 (php-fpm process accounting is broken with keepalive).

Hash:

Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence).

GD:

Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters).

Mysqlnd:

Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).

Opcache:

Fixed bug #74152 (if statement says true to a null variable).

Fixed bug #74019 (Segfault with list).

OpenSSL:

Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).

Standard:

Streams:

Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).

Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).

Version 7.1.2

Core:

DOM:

Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).

DTrace:

Fixed bug #73965 (DTrace reported as enabled when disabled).

FCGI:

Fixed bug #73904 (php-cgi fails to load -c specified php.ini file).

Fixed bug #72898 (PHP_FCGI_CHILDREN is not included in phpinfo()).

FPM:

Fixed bug #69865 (php-fpm does not close stderr when using syslog).

GD:

Fixed bug #73968 (Premature failing of XBM reading).

GMP:

Fixed bug #69993 (test for gmp.h needs to test machine includes).

Hash:

Added hash_hkdf() function.

Fixed bug #73961 (environmental build dependency in hash sha3 source).

Intl:

Fix bug #73956 (Link use CC instead of CXX).

LDAP:

Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).

MySQLi:

Fixed bug #73949 (leak in mysqli_fetch_object).

Mysqlnd:

Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).

Opcache:

Fixed bug #73983 (crash on finish work with phar in cli + opcache).

OpenSSL:

PDO_Firebird:

Implemented FR #72583 (All data are fetched as strings).

PDO_PgSQL:

Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name).

Phar:

Fixed bug #70417 (PharData::compress() doesn't close temp file).

posix:

Fixed bug #71219 (configure script incorrectly checks for ttyname_r).

Session:

Fixed bug #69582 (session not readable by root in CLI).

SPL:

Fixed bug #73896 (spl_autoload() crashes when calls magic _call()).

Standard:

ZIP:

Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option).

Version 7.0.16

Core:

DOM:

Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).

DTrace:

Fixed bug #73965 (DTrace reported as enabled when disabled).

FPM:

Fixed bug #67583 (double fastcgi_end_request on max_children limit).

Fixed bug #69865 (php-fpm does not close stderr when using syslog).

GD:

Fixed bug #73968 (Premature failing of XBM reading).

GMP:

Fixed bug #69993 (test for gmp.h needs to test machine includes).

Intl:

Fixed bug #73956 (Link use CC instead of CXX).

LDAP:

Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).

MySQLi:

Fixed bug #73949 (leak in mysqli_fetch_object).

Mysqlnd:

Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).

Opcache:

Fixed bug #73983 (crash on finish work with phar in cli + opcache).

OpenSSL:

Fixed bug #71519 (add serial hex to return value array).

PDO_Firebird:

Implemented FR #72583 (All data are fetched as strings).

PDO_PgSQL:

Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name).

Phar:

Fixed bug #70417 (PharData::compress() doesn't close temp file).

posix:

Fixed bug #71219 (configure script incorrectly checks for ttyname_r).

Session:

Fixed bug #69582 (session not readable by root in CLI).

SPL:

Fixed bug #73896 (spl_autoload() crashes when calls magic _call()).

Standard:

ZIP:

Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option).

Version 7.0.15

Core:

COM:

Fixed bug #73679 (DOTNET read access violation using invalid codepage).

DOM:

Fixed bug #67474 (getElementsByTagNameNS filter on default ns).

EXIF:

Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)

GD:

Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)

Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)

GMP:

Fixed bug #70513 (GMP Deserialization Type Confusion Vulnerability).

Mysqli:

Fixed bug #73462 (Persistent connections don't set $connect_errno).

Mysqlnd:

Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.

Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).

PCRE:

Fixed bug #73612 (preg_*() may leak memory).

PDO_Firebird:

Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).

Phar:

Phpdbg:

Reflection:

Fixed bug #46103 (ReflectionObject memory leak).

Streams:

Fixed bug #73586 (php_user_filter::$stream is not set to the stream the filter is working on).

SQLite3:

Reverted fix for #73530 (Unsetting result set may reset other result set).

Standard:

Zlib:

Fixed bug #73373 (deflate_add does not verify that output was not truncated).

Version 7.1.1

Core

CLI

Fixed bug #72555 (CLI output(japanese) on Windows).

COM

Fixed bug #73679 (DOTNET read access violation using invalid codepage).

DOM

Fixed bug #67474 (getElementsByTagNameNS filter on default ns).

EXIF

Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)

GD

Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)

Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)

mbstring

Fixed bug #73646 (mb_ereg_search_init null pointer dereference).

MySQLi

Fixed bug #73462 (Persistent connections don't set $connect_errno).

mysqlnd

Optimized handling of BIT fields - less memory copies and lower memory usage.

Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).

opcache

PDO Firebird

Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).

Phar:

phpdbg

Fixed bug #73794 (Crash (out of memory) when using run and # command separator).

Fixed bug #73704 (phpdbg shows the wrong line in files with shebang).

SQLite3

Reverted fix for Fixed bug #73530 (Unsetting result set may reset other result set).

Standard

zlib

Fixed bug #73373 (deflate_add does not verify that output was not truncated).

Version 7.0.14

Core:

Calendar:

(Fix integer overflows).

Date:

Fixed bug #69587 (DateInterval properties and isset).

DTrace:

Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.

JSON:

Fixed bug #73526 (php_json_encode depth issue).

Mysqlnd:

Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*).

ODBC:

Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).

Opcache:

Fixed bug #69090 (check cached files permissions).

Fixed bug #73546 (Logging for opcache has an empty file name).

PCRE:

Fixed bug #73483 (Segmentation fault on pcre_replace_callback).

Fixed bug #73392 (A use-after-free in zend allocator management).

PDO_Firebird:

Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam).

Phar:

Fixed bug #73580 (Phar::isValidPharFilename illegal memory access).

Postgres:

Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()).

Soap:

Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).

Fixed bug #73452 (Segfault (Regression for #69152)).

SPL:

Fixed bug #73423 (Reproducible crash with GDB backtrace).

SQLite3:

Fixed bug #73530 (Unsetting result set may reset other result set).

Standard:

Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).

Fixed bug #73645 (version_compare illegal write access).

Wddx:

Fixed bug #73631 (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)

XML:

Fixed bug #72135 (malformed XML causes fault).

Version 7.1.0

Core:

Apache2handler:

Enable per-module logging in Apache 2.4+.

BCmath:

Fix bug #73190 (memcpy negative parameter _bc_new_num_ex).

Bz2:

Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).

Fixed bug #72613 (Inadequate error handling in bzread()).

Calendar:

CLI Server:

Fixed bug #73360 (Unable to work in root with unicode chars).

Fixed bug #71276 (Built-in webserver does not send Date header).

COM:

Curl:

Date:

Dba:

Fixed bug #70825 (Cannot fetch multiple values with group in ini file).

Data modification functions (e.g.: dba_insert()) now throw an instance of Error instead of triggering a catchable fatal error if the key is does not contain exactly two elements.

DOM:

DTrace:

Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.

EXIF:

Filter:

FPM:

Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).

FTP:

Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).

Implemented FR #55651 (Option to ignore the returned FTP PASV address).

GD:

Hash:

Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit).

Added SHA512/256 and SHA512/224 algorithms.

iconv:

Fixed bug #72320 (iconv_substr returns false for empty strings).

IMAP:

Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).

An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error.

Interbase:

Fixed bug #73512 (Fails to find firebird headers as don't use fb_config output).

Intl:

JSON:

LDAP:

Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error.

Mbstring:

Mcrypt:

Mysqli:

Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.

Mysqlnd:

OCI8:

ODBC:

Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).

Opcache:

OpenSSL:

Pcntl:

PCRE:

PDO:

PDO_DBlib:

PDO_Firebird:

Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam).

Fixed bug #60052 (Integer returned as a 64bit integer on X86_64).

PDO_pgsql:

Phar:

Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile).

Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).

phpdbg:

Added generator command for inspection of currently alive generators.

Postgres:

Readline:

Fixed bug #72538 (readline_redisplay crashes php).

Reflection:

Session:

SimpleXML:

SNMP:

Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).

Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).

Soap:

SPL:

SQLite3:

Standard:

Streams:

sysvshm:

Fixed bug #72858 (shm_attach null dereference).

Tidy:

Implemented support for libtidy 5.0.0 and above.

Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error.

Wddx:

XML:

XMLRPC:

Zip:

Version 7.0.13

Core:

GD:

IMAP:

Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).

OCI8:

Fixed bug #71148 (Bind reference overwritten on PHP 7).

phpdbg:

Session:

Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored).

SOAP:

SQLite3:

Fixed bug #73333 (2147483647 is fetched as string).

Standard:

Wddx:

Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)

Version 7.0.12

Core:

BCmath:

Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).

COM:

Fixed bug #73126 (Cannot pass parameter 1 by reference).

Date:

Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).

DOM:

Fixed bug #73150 (missing NULL check in dom_document_save_html).

Filter:

Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).

Fixed bug #73054 (default option ignored when object passed to int filter).

GD:

Intl:

Fixed bug #73218 (add mitigation for ICU int overflow).

Mbstring:

Mysqlnd:

Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).

Opcache:

Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).

OpenSSL:

PCRE:

Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).

Fixed bug #73174 (heap overflow in php_pcre_replace_impl).

PDO_DBlib:

phpdbg:

Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).

Fixed next command not stopping when leaving function.

Session:

Fixed bug #68015 (Session does not report invalid uid for files save handler).

Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).

SimpleXML:

Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).

SOAP:

Fixed bug #71711 (Soap Server Member variables reference bug).

Fixed bug #71996 (Using references in arrays doesn't work like expected).

SPL:

Fixed bug #73257, Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).

SQLite3:

Updated bundled SQLite3 to 3.14.2.

Zip:

Fixed bug #70752 (Depacking with wrong password leaves 0 length files).

Version 7.0.11

Core:

COM:

Fixed bug #72922 (COM called from PHP does not return out parameters).

Dba:

Fixed bug #70825 (Cannot fetch multiple values with group in ini file).

FTP:

Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).

GD:

iconv:

Fixed bug #72320 (iconv_substr returns false for empty strings).

IMAP:

Fixed bug #72852 (imap_mail null dereference).

Intl:

Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence).

Fixed bug #73007 (add locale length check). (CVE-2016-7416)

Mysqlnd:

Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)

OCI8:

Fixed invalid handle error with Implicit Result Sets.

Fixed bug #72524 (Binding null values triggers ORA-24816 error).

Opcache:

Fixed bug #72949 (Typo in opcache error message).

PDO:

PDO_DBlib:

Implemented stringify 'uniqueidentifier' fields.

PDO_pgsql:

Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence).

Fixed bug #72759 (Regression in pgo_pgsql).

Phar:

Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)

Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).

Reflection:

Fixed bug #72846 (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN).

Session:

Fixed bug #72724 (PHP7: session-uploadprogress kills httpd).

Fixed bug #72940 (SID always return "name=ID", even if session cookie exist).

SimpleXML:

Fixed bug #72971 (SimpleXML isset/unset do not respect namespace).

Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement).

SPL:

Fixed bug #73029 (Missing type check when unserializing SplArray). (CVE-2016-7417)

Standard:

Streams:

SQLite3:

Downgraded bundled SQLite to 3.8.10.2, see #73068

Sysvshm:

Fixed bug #72858 (shm_attach null dereference).

Wddx:

Fixed bug #72860 (wddx_deserialize use-after-free). (CVE-2016-7413)

Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)

XML:

Fixed bug #72085 (SEGV on unknown address zif_xml_parse).

Fixed bug #72714 (_xml_startElementHandler() segmentation fault).

ZIP:

Fixed bug #68302 (impossible to compile php with zip support).

Version 7.0.10

Core:

Bz2:

Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).

Calendar:

Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).

Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).

COM:

Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7).

CURL:

DOM:

Fixed bug #66502 (DOM document dangling reference).

EXIF:

Fixed bug #72735 (Samsung picture thumb not read (zero size)).

Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)

Filter:

Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).

FPM:

Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).

GD:

Intl:

Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).

Partially fixed Fixed bug #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).

mbstring:

Mcrypt:

Fixed bug #72782 (Heap Overflow due to integer overflows).

Opcache:

Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).

PCRE:

Fixed bug #72688 (preg_match missing group names in matches).

PDO_pgsql:

Fixed bug #70313 (PDO statement fails to throw exception).

Reflection:

Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).

SimpleXML:

Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element).

SNMP:

Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).

SPL:

SQLite3:

Standard:

Streams:

XMLRPC:

Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements).

Wddx:

Zip:

Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).

Version 7.0.9

Core:

bz2:

Fixed bug #72613 (Inadequate error handling in bzread()). (CVE-2016-5399)

CLI:

Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php).

COM:

Fixed bug #72498 (variant_date_from_timestamp null dereference).

Curl:

Fixed bug #72541 (size_t overflow lead to heap corruption).

Date:

Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).

Exif:

Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)

Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)

GD:

Intl:

Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)

Mbstring:

Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).

Fixed bug #72399 (Use-After-Free in MBString (search_re)).

mcrypt:

Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).

PDO_pgsql:

Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders).

PCRE:

Fixed bug #72476 (Memleak in jit_stack).

Fixed bug #72463 (mail fails with invalid argument).

Readline:

Fixed bug #72538 (readline_redisplay crashes php).

Standard:

Fixed bug #72505 (readfile() mangles files larger than 2G).

Fixed bug #72306 (Heap overflow through proc_open and $env parameter).

Session:

Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).

Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).

SNMP:

Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)

Streams:

Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).

XMLRPC:

Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)

Zip:

Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)

Version 7.0.8

Core:

Date:

Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week).

FPM:

Fixed bug #72308 (fastcgi_finish_request and logging environment variables).

GD:

Intl:

Fixed bug #70484 (selectordinal doesn't work with named parameters).

mbstring:

Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)

mcrypt:

Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)

OpenSSL:

Fixed bug #72140 (segfault after calling ERR_free_strings()).

PCRE:

Fixed bug #72143 (preg_replace uses int instead of size_t).

PDO_pgsql:

Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).

Fixed bug #72294 (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor).

Phar:

Fixed bug #72321 (invalid free in phar_extract_file()). (CVE-2016-4473)

Phpdbg:

Fixed bug #72284 (phpdbg fatal errors with coverage).

Postgres:

Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free).

Fixed bug #72197 (pg_lo_create arbitrary read).

Standard:

WDDX:

Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)

XML:

Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem).

XMLRPC:

Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).

Zip:

Fixed bug #72258 (ZipArchive converts filenames to unrecoverable form).

Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)

Version 7.0.7

Core:

Curl:

Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE).

DBA:

Fixed bug #72157 (use-after-free caused by dba_open).

GD:

Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)

Intl:

Fixed bug #64524 (Add intl.use_exceptions to php.ini-*).

Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)

JSON:

Fixed bug #72069 (Behavior \JsonSerializable different from json_encode).

Mbstring:

Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace).

OCI8:

Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight columns).

Opcache:

Fixed bug #72014 (Including a file with anonymous classes multiple times leads to fatal error).

OpenSSL:

Fixed bug #72165 (Null pointer dereference - openssl_csr_new).

PCNTL:

Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite).

POSIX:

Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL).

Postgres:

Reflection:

Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call).

Session:

Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object).

Sockets:

Added socket_export_stream() function for getting a stream compatible resource from a socket resource.

SPL:

Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as expected).

SQLite3:

Fixed bug #68849 (bindValue is not using the right data type).

Standard:

Fixed bug #72075 (Referencing socket resources breaks stream_select).

Fixed bug #72031 (array_column() against an array of objects discards all values matching null).

Version 7.0.6

Core:

BCmath:

Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)

Curl:

Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).

Date:

Fixed bug #71889 (DateInterval::format Segmentation fault).

EXIF:

Fixed bug #72094 (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

GD:

Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)

Intl:

ODBC:

Fixed bug #63171 (Script hangs after max_execution_time).

Opcache:

Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).

PDO:

Fixed bug #52098 (Own PDOStatement implementation ignore __call()).

Fixed bug #71447 (Quotes inside comments not properly handled).

PDO_DBlib:

Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).

Add DBLIB-specific attributes for controlling timeouts.

PDO_pgsql:

Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).

Postgres:

Fixed bug #71820 (pg_fetch_object binds parameters before call constructor).

Fixed bug #71998 (Function pg_insert does not insert when column type = inet).

SOAP:

Fixed bug #71986 (Nested foreach assign-by-reference creates broken variables).

SPL:

Standard:

XML:

Fixed bug #72099 (xml_parse_into_struct segmentation fault). (CVE-2016-4539)

Zip:

Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078)

Version 7.0.5

Core:

CLI Server:

Fixed bug #69953 (Support MKCALENDAR request method).

Curl:

Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY).

Date:

Fixed bug #71635 (DatePeriod::getEndDate segfault).

Fileinfo:

Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)

libxml:

Fixed bug #71536 (Access Violation crashes php-cgi.exe).

mbstring:

Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)

ODBC:

Fixed bug #47803, #69526 (Executing prepared statements is succesfull only for the first two statements).

PCRE:

Fixed bug #71659 (segmentation fault in pcre running twig tests).

PDO_DBlib:

Fixed bug #54648 (PDO::MSSQL forces format of datetime fields).

Phar:

phpdbg:

Fixed crash when advancing (except step) inside an internal function.

Session:

Fixed bug #71683 (Null pointer dereference in zend_hash_str_find_bucket).

SNMP:

Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)

SPL:

Fixed bug #71617 (private properties lost when unserializing ArrayObject).

Standard:

Fixed bug #71660 (array_column behaves incorrectly after foreach by reference).

Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)

Zip:

Update bundled libzip to 1.1.2.

Version 7.0.4

Core:

CLI server:

Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).

CURL:

Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec).

Fixed memory leak in curl_getinfo().

Date:

Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues).

Fileinfo:

Fixed bug #71434 (finfo throws notice for specific python file).

FPM:

Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup).

Fixed bug #71269 (php-fpm dumped core).

Opcache:

Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).

PCRE:

Fixed bug #71537 (PCRE segfault from Opcache).

phpdbg:

Fixed inherited functions from unspecified files being included in phpdbg_get_executable().

SOAP:

Fixed bug #71610 (Type Confusion Vulnerability - SOAP / make_http_soap_request()). (CVE-2016-3185)

Standard:

Fixed bug #71603 (compact() maintains references in php7).

Fixed bug #70720 (strip_tags improper php code parsing).

XMLRPC:

Fixed bug #71501 (xmlrpc_encode_request ignores encoding option).

Zip:

Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo).

Version 7.0.3

Core:

Apache2handler:

Fix >2G Content-Length headers in apache2handler.

CURL:

Fixed bug #71227 (Can't compile php_curl statically).

Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile).

GD:

Improved fix for bug #70976.

Interbase:

Fixed bug #71305 (Crash when optional resource is omitted).

LDAP:

Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string "Array").

mbstring:

Fixed bug #71397 (mb_send_mail segmentation fault).

OpenSSL:

Fixed bug #71475 (openssl_seal() uninitialized memory usage).

PCRE:

Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)

Phar:

SOAP:

Fixed bug #70979 (crash with bad soap request).

SPL:

Standard:

WDDX:

Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).

Version 7.0.2

Core:

CURL:

Fixed bug #71144 (Sementation fault when using cURL with ZTS).

DBA:

Fixed key leak with invalid resource.

Filter:

Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work).

FTP:

Implemented FR #55651 (Option to ignore the returned FTP PASV address).

FPM:

Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)

GD:

Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)

Mbstring:

Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault).

Opcache:

Fixed bug #71127 (Define in auto_prepend_file is overwrite).

PCRE:

Fixed bug #71178 (preg_replace with arrays creates [0] in replace array if not already set).

Readline:

Fixed bug #71094 (readline_completion_function corrupts static array on second TAB).

Session:

Fixed bug #71122 (Session GC may not remove obsolete session data).

SPL:

Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns wrong number of parameters).

Fixed bug #71153 (Performance Degradation in ArrayIterator with large arrays).

Standard:

Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions). (CVE-2016-1904)

WDDX:

Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).

Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).

XMLRPC:

Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).

Version 7.0.1

Core:

CLI server:

Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()).

Intl:

Fixed bug #71020 (Use after free in Collator::sortWithSortKeys). (CVE-2015-8616)

Mysqlnd:

Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).

Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.

OCI8:

Fixed LOB implementation size_t/zend_long mismatch reported by gcov.

Opcache:

PDO_Firebird:

Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).

Phpdbg:

Fixed stderr being written to stdout.

Reflection:

Fixed bug #71018 (ReflectionProperty::setValue() behavior changed).

Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 5.6).

Soap:

Fixed bug #70993 (Array key references break argument processing).

SPL:

Fixed bug #71028 (Undefined index with ArrayIterator).

SQLite3:

Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead of internal buffer).

Standard:

Fixed bug #70999 (php_random_bytes: called object is not a function).

Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters).

Streams/Socket:

Add IPV6_V6ONLY constant / make it usable in stream contexts.

Version 7.0.0

Core:

CLI server:

COM:

Fixed bug #69939 (Casting object to bool returns false).

Curl:

Date:

DBA:

Fixed bug #62490 (dba_delete returns true on missing item (inifile)).

Fixed bug #68711 (useless comparisons).

DOM:

EXIF:

Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

Fileinfo:

Fixed bug #66242 (libmagic: don't assume char is signed).

Filter:

New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL.

Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).

FPM:

FTP:

Fixed bug #69082 (FTPS support on Windows).

GD:

GMP:

Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).

hash:

Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

IMAP:

Fixed bug #70158 (Building with static imap fails).

Fixed bug #69998 (curl multi leaking memory).

Intl:

JSON:

LDAP:

Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE).

LiteSpeed:

Updated LiteSpeed SAPI code from V5.5 to V6.6.

libxml:

Fixed handling of big lines in error messages with libxml >= 2.9.0.

Mcrypt:

Mysqli:

Fixed bug #32490 (constructor of mysqli has wrong name).

Mysqlnd:

OCI8:

ODBC:

Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns. (CVE-2015-8879)

Opcache:

OpenSSL:

Pcntl:

PCRE:

PDO:

PDO_DBlib:

Fixed bug #69757 (Segmentation fault on nextRowset).

PDO_mysql:

Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option).

PDO_OCI:

Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored).

PDO_pgsql:

Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).

Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of ATTR_EMULATE_PREPARES).

Phar:

Phpdbg:

Reflection:

Session:

SOAP:

SPL:

SQLite3:

Standard:

Streams:

Tokenizer:

Fixed bug #69430 (token_get_all has new irrecoverable errors).

XMLReader:

Fixed bug #70309 (XmlReader read generates extra output).

XMLRPC:

Fixed bug #70526 (xmlrpc_set_type returns false on success).

XSL:

Zlib:

Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression.

Zip:

0 0