PHP 7 ChangeLog
PHP 7 ChangeLog
Version 7.1.19
CLI Server:
Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters).
OpenSSL:
Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
SPL:
Fixed bug #76367 (NoRewindIterator segfault 11).
Standard:
Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
Fixed bug #76383 (array_map on $GLOBALS returns IS_INDIRECT).
Version 7.2.7
Core:
Fixed bug #76337 (segfault when opcache enabled + extension use zend_register_class_alias).
CLI Server:
Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters).
OpenSSL:
Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
SPL:
Fixed bug #76367 (NoRewindIterator segfault 11).
Standard:
Fixed bug #76410 (SIGV in zend_mm_alloc_small).
Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
Version 7.1.18
FPM:
Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
intl:
Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
Opcache:
Reflection:
Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).
Version 7.2.6
EXIF:
Fixed bug #76164 (exif_read_data zend_mm_heap corrupted).
FPM:
Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
intl:
Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
Opcache:
Reflection:
Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).
Session:
Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
Version 7.2.5
Core:
Fixed bug #75722 (Convert valgrind detection to configure option).
Date:
Fixed bug #76131 (mismatch arginfo for date_create).
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
FPM:
Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).
Fixed incorrect write to getenv result in FPM reload.
GD:
Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
intl:
Fixed bug #76153 (Intl compilation fails with icu4c 61.1).
ldap:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
mbstring:
Fixed bug #75944 (Wrong cp1251 detection).
Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
ODBC:
Fixed bug #76088 (ODBC functions are not available by default on Windows).
Opcache:
Fixed bug #76094 (Access violation when using opcache).
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
phpdbg:
Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).
SPL:
Fixed bug #76131 (mismatch arginfo for splarray constructor).
standard:
Fixed bug #74139 (mail.add_x_header default inconsistent with docs).
Fixed bug #75996 (incorrect url in header for mt_rand).
Version 7.1.17
Date:
Fixed bug #76131 (mismatch arginfo for date_create).
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
FPM:
Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).
Fixed incorrect write to getenv result in FPM reload.
GD:
Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
intl:
Fixed bug #76153 (Intl compilation fails with icu4c 61.1).
ldap:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
mbstring:
Fixed bug #75944 (Wrong cp1251 detection).
Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
phpdbg:
Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).
SPL:
Fixed bug #76131 (mismatch arginfo for splarray constructor).
standard:
Fixed bug #75996 (incorrect url in header for mt_rand).
Version 7.0.30
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
LDAP:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
Version 7.2.4
Core:
Fixed bug #76025 (Segfault while throwing exception in error_handler).
Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
FPM:
Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
FTP:
Fixed ftp_pasv arginfo.
GD:
iconv:
Fixed bug #75867 (Freeing uninitialized pointer).
Mbstring:
Fixed bug #62545 (wrong unicode mapping in some charsets).
Opcache:
Fixed bug #75969 (Assertion failure in live range DCE due to block pass misoptimization).
OpenSSL:
Fixed openssl_* arginfos.
PCNTL:
Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)).
Phar:
Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n).
Standard:
Version 7.1.16
Core:
Fixed bug #76025 (Segfault while throwing exception in error_handler).
Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
FPM:
Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
GD:
Fixed bug #73957 (signed integer conversion in imagescale()).
ODBC:
Fixed bug #76088 (ODBC functions are not available by default on Windows).
Opcache:
Fixed bug #76074 (opcache corrupts variable in for-loop).
Phar:
Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n).
Standard:
Fixed bug #74139 (mail.add_x_header default inconsistent with docs).
Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).
Version 7.0.29
FPM:
Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
Version 7.2.3
Core:
Fixed bug #75864 ("stream_isatty" returns wrong value on s390x).
Apache2Handler:
Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration).
Date:
LDAP:
Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
libxml2:
Fixed bug #75871 (use pkg-config where available).
PGSQL:
Fixed bug #75838 (Memory leak in pg_escape_bytea()).
Phar:
ODBC:
Fixed bug #73725 (Unable to retrieve value of varchar(max) type).
Opcache:
SPL:
Fixed bug #74519 (strange behavior of AppendIterator).
Standard:
Fixed bug #75916 (DNS_CAA record results contain garbage).
Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
Version 7.1.15
Apache2Handler:
Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration).
Date:
PGSQL:
Fixed #75838 (Memory leak in pg_escape_bytea()).
ODBC:
Fixed bug #73725 (Unable to retrieve value of varchar(max) type).
LDAP:
Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
libxml2:
Fixed bug #75871 (use pkg-config where available).
Phar:
Fixed bug #65414 (deal with leading slash when adding files correctly).
SPL:
Fixed bug #74519 (strange behavior of AppendIterator).
Standard:
Fixed bug #75916 (DNS_CAA record results contain garbage).
Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
Version 7.0.28
Standard:
Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
Version 7.2.2
Core:
FCGI:
Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).
IMAP:
Fixed bug #75774 (imap_append HeapCorruction).
Opcache:
PDO:
Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin).
PDO MySQL:
Fixed bug #75615 (PDO Mysql module can't be built as module).
PGSQL:
Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
Readline:
Fixed bug #75775 (readline_read_history segfaults with empty file).
SAPI:
Fixed bug #75735 ( Segmentation fault in sapi_register_post_entry).
SOAP:
Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
Fixed bug #75502 (Segmentation fault in zend_string_release).
SPL:
Standard:
Fixed bug #75781 (substr_count incorrect result).
Fixed bug #75653 (array_values don't work on empty array).
Zip:
Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1).
Version 7.1.14
Core:
FCGI:
Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).
IMAP:
Fixed bug #75774 (imap_append HeapCorruction).
Opcache:
Fixed bug #75720 (File cache not populated after SHM runs full).
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
PGSQL:
Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
Readline:
Fixed bug #75775 (readline_read_history segfaults with empty file).
SAPI:
Fixed bug #75735 ( Segmentation fault in sapi_register_post_entry).
SOAP:
Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
Fixed bug #75502 (Segmentation fault in zend_string_release).
SPL:
Standard:
Fixed bug #75781 (substr_count incorrect result).
Version 7.2.1
Core:
CLI server:
Fixed bug #73830 (Directory does not exist).
FPM:
Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
GD:
Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
Opcache:
PCRE:
Fixed bug #74183 (preg_last_error not returning error code after error).
Phar:
Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
Standard:
Zip:
Fixed bug #75540 (Segfault with libzip 1.3.1).
Version 7.1.13
Core:
CLI Server:
Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
Fixed bug #73830 (Directory does not exist).
FPM:
Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
GD:
Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
Opcache:
PCRE:
Fixed bug #74183 (preg_last_error not returning error code after error).
Phar:
Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
Standard:
Zip:
Fixed bug #75540 (Segfault with libzip 1.3.1).
Version 7.0.27
CLI Server:
Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
Core:
Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
FPM:
Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
GD:
Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
Opcache:
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
PCRE:
Fixed bug #74183 (preg_last_error not returning error code after error).
Phar:
Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
Standard:
Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Zip:
Fixed bug #75540 (Segfault with libzip 1.3.1).
Version 7.2.0
BCMath:
Fixed bug #46564 (bcmod truncates fractionals).
CLI:
Fixed bug #74849 (Process is started as interactive shell in PhpStorm).
Fixed bug #74979 (Interactive shell opening instead of script execution with -f flag).
CLI server:
Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
Core:
cURL:
Fixed bug #75093 (OpenSSL support not detected).
Better fix for #74125 (use pkg-config instead of curl-config).
Date:
Dba:
Fixed bug #72885 (flatfile: dba_fetch() fails to read replaced entry).
DOM:
Implemented FR #74837 (Implement Countable for DomNodeList and DOMNamedNodeMap).
EXIF:
Fileinfo:
Upgrade bundled libmagic to 5.31.
FPM:
Configuration to limit fpm slow log trace callers.
Fixed bug #75212 (php_value acts like php_admin_value).
FTP:
Implement MLSD for structured listing of directories.
Added ftp_append() function.
GD:
GMP:
Fixed bug #70896 (gmp_fact() silently ignores non-integer input).
Hash:
IMAP:
Fixed bug #72324 (imap_mailboxmsginfo() return wrong size).
Intl:
Fixed bug #63790 (test using Spoofchecker which may be unavailable).
Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change $position argument).
JSON:
LDAP:
Mbstring:
Mcrypt:
The deprecated mcrypt extension has been moved to PECL.
Opcache:
OpenSSL:
PCRE:
phar:
Fixed bug #74196 (phar does not correctly handle names containing dots).
PDO:
Add "Sent SQL" to debug dump for emulated prepares.
Add parameter types for national character set strings.
PDO_DBlib:
PDO_OCI:
Fixed bug #74537 (Align --with-pdo-oci configure option with --with-oci8 syntax).
PDO_Sqlite:
Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)
PHPDBG:
Added extended_value to opcode dump output.
Session:
Sodium:
New cryptographic extension
Added missing bindings for libsodium > 1.0.13.
SPL:
Fixed bug #71412 (Incorrect arginfo for ArrayIterator::__construct).
Added spl_object_id().
SQLite3:
Implement writing to blobs.
Update to Sqlite 3.20.1.
Standard:
Streams:
Default ssl/single_dh_use and ssl/honor_cipher_order to true.
XML:
Moved utf8_encode() and utf8_decode() to the Standard extension.
XMLRPC:
Use Zend MM for allocation in bundled libxmlrpc (Joe)
ZIP:
zlib:
Expose inflate_get_status() and inflate_get_read_len() functions.
Version 7.1.12
Core:
Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).
Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).
CLI:
Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).
Enchant:
Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).
Fixed bug #75365 (Enchant still reports version 1.1.0).
Exif:
Fixed bug #75301 (Exif extension has built in revision version).
GD:
Fixed bug #65148 (imagerotate may alter image dimensions).
Fixed bug #75437 (Wrong reflection on imagewebp).
intl:
Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
interbase:
Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
Mysqli:
Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).
OCI8:
Fixed valgrind issue.
OpenSSL:
Fixed bug #75363 (openssl_x509_parse leaks memory).
Fixed bug #75307 (Wrong reflection for openssl_open function).
Opcache:
Fixed bug #75373 (Warning Internal error: wrong size calculation).
PGSQL:
Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).
SOAP:
Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
Zlib:
Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).
Version 7.0.26
Core:
Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).
Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).
CLI:
Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).
Enchant:
Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).
Fixed bug #75365 (Enchant still reports version 1.1.0).
Exif:
Fixed bug #75301 (Exif extension has built in revision version).
GD:
Fixed bug #65148 (imagerotate may alter image dimensions).
Fixed bug #75437 (Wrong reflection on imagewebp).
intl:
Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
interbase:
Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
Mysqli:
Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).
OCI8:
Fixed valgrind issue.
Opcache:
Fixed bug #75373 (Warning Internal error: wrong size calculation).
OpenSSL:
Fixed bug #75363 (openssl_x509_parse leaks memory).
Fixed bug #75307 (Wrong reflection for openssl_open function).
PGSQL:
Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).
SOAP:
Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
Zlib:
Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).
Version 7.1.11
Core:
Date:
Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
Apache2Handler:
Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).
Hash:
Fixed bug #75303 (sha3 hangs on bigendian).
Intl:
Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional).
litespeed:
Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
Fixed bug #75251 (Missing program prefix and suffix).
mcrypt:
Fixed bug #72535 (arcfour encryption stream filter crashes php).
MySQLi:
Fixed bug #75018 (Data corruption when reading fields of bit type).
OCI8:
Fixed incorrect reference counting.
Opcache:
Fixed bug #75255 (Request hangs and not finish).
PCRE:
Fixed bug #75207 (applied upstream patch for CVE-2016-1283).
PDO_mysql:
Fixed bug #75177 (Type 'bit' is fetched as unexpected string).
SPL:
Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
Version 7.0.25
Core:
Apache2Handler:
Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).
Date:
Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
Intl:
Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional).
mcrypt:
Fixed bug #72535 (arcfour encryption stream filter crashes php).
OCI8:
Fixed incorrect reference counting.
PCRE:
Fixed bug #75207 (applied upstream patch for CVE-2016-1283).
litespeed:
Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
Fixed bug #75251 (Missing program prefix and suffix).
SPL:
Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
Version 7.1.10
Core:
Fixed bug #75042 (run-tests.php issues with EXTENSION block).
BCMath:
CLI server:
Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets).
CURL:
Fixed bug #75093 (OpenSSL support not detected).
GD:
Fixed bug #75124 (gdImageGrayScale() may produce colors).
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?).
Gettext:
Fixed bug #73730 (textdomain(null) throws in strict mode).
Intl:
Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class).
Fixed bug #75193 (segfault in collator_convert_object_to_string).
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
SPL:
Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator).
Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
Standard:
Fixed bug #75152 (signed integer overflow in parse_iv).
Fixed bug #75097 (gethostname fails if your host name is 64 chars long).
Version 7.0.24
Core:
Fixed bug #75042 (run-tests.php issues with EXTENSION block).
BCMath:
CLI server:
Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets).
CURL:
Fixed bug #75093 (OpenSSL support not detected).
GD:
Fixed bug #75124 (gdImageGrayScale() may produce colors).
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?).
Gettext:
Fixed bug #73730 (textdomain(null) throws in strict mode).
Intl:
Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class).
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
SPL:
Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
Standard:
Fixed bug #75097 (gethostname fails if your host name is 64 chars long).
Version 7.1.9
Core:
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug#75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
Opcache:
Fixed bug #74980 (Narrowing occurred during type inference).
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Standard:
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
Version 7.0.23
Core:
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Standard:
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
Version 7.1.8
Core:
Date:
Fixed bug #74852 (property_exists returns true on unknown DateInterval property).
OCI8:
Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).
Opcache:
Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier).
OpenSSL:
Fixed bug #74798 (pkcs7_en/decrypt does not work if \x0a is used in content).
Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug #71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362 (OpenSSL Blowfish encryption is incorrect for short keys).
PDO:
Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query).
SPL:
Fixed bug #73471 (PHP freezes with AppendIterator).
SQLite3:
Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags).
Wddx:
Fixed bug #73173 (huge memleak when wddx_unserialize).
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)
zlib:
Fixed bug #73944 (dictionary option of inflate_init() does not work).
Version 7.0.22
Core:
Date:
Fixed bug #74852 (property_exists returns true on unknown DateInterval property).
OCI8:
Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).
Opcache:
Fixed bug #74840 (Opcache overwrites argument of GENERATOR_RETURN within finally).
PDO:
Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query).
SPL:
Fixed bug #73471 (PHP freezes with AppendIterator).
SQLite3:
Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags).
Wddx:
Fixed bug #73173 (huge memleak when wddx_unserialize).
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)
zlib:
Fixed bug #73944 (dictionary option of inflate_init() does not work).
Version 7.1.7
Core:
Date:
Fixed bug #74639 (implement clone for DatePeriod and DateInterval).
DOM:
Fixed bug #69373 (References to deleted XPath query results).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)
Intl:
Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)
Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key).
Mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
OCI8:
Add TAF callback (PR #2459).
Opcache:
Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp).
Revert opcache.enable_cli to default disabled.
OpenSSL:
Fixed bug #74720 (pkcs7_en/decrypt does not work if \x1a is used in content).
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
PDO_OCI:
Support Instant Client 12.2 in --with-pdo-oci configure option.
Reflection:
Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant).
SPL:
Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
FTP:
Fixed bug #74598 (ftp:// wrapper ignores context arg).
PHAR:
Fixed bug #74386 (Phar::__construct reflection incorrect).
SOAP:
Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
Streams:
Fixed bug #74556 (stream_socket_get_name() returns '\0').
Version 7.0.21
Core:
DOM:
Fixed bug #69373 (References to deleted XPath query results).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)
Intl:
Mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
OCI8:
Add TAF callback (PR #2459).
Opcache:
Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp).
OpenSSL:
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
PCRE:
Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
PDO_OCI:
Support Instant Client 12.2 in --with-pdo-oci configure option.
Reflection:
Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant).
SPL:
Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
Standard:
Fixed bug #74708 (Invalid Reflection signatures for random_bytes and random_int).
Fixed bug #73648 (Heap buffer overflow in substr).
FTP:
Fixed bug #74598 (ftp:// wrapper ignores context arg).
PHAR:
Fixed bug #74386 (Phar::__construct reflection incorrect).
SOAP:
Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
Streams:
Fixed bug #74556 (stream_socket_get_name() returns '\0').
Version 7.1.6
Core:
intl:
Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).
MySQLi:
Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
Opcache:
Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).
phar:
Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
Readline:
Fixed bug #74490 (readline() moves the cursor to the beginning of the line).
Standard:
Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).
xmlreader:
Fixed bug #74457 (Wrong reflection on XMLReader::expand).
Version 7.0.20
Core:
Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i).
Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
intl:
Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).
MySQLi:
Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
Opcache:
Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).
phar:
Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
Standard:
Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).
xmlreader:
Fixed bug #74457 (Wrong reflection on XMLReader::expand).
Version 7.1.5
Core:
Date:
Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).
Fixed bug #74080 (add constant for RFC7231 format datetime).
DOM:
Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).
Fileinfo:
Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).
GD:
Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).
MySQLnd:
Fixed bug #74376 (Invalid free of persistent results on error/connection loss).
Intl:
Opcache:
OpenSSL:
phar:
Fixed bug #74383 (phar method parameters reflection correction).
Readline:
Fixed bug #74489 (readline() immediately returns false in interactive console mode).
Standard:
Fixed bug #72071 (setcookie allows max-age to be negative).
Fixed bug #74361 (Compaction in array_rand() violates COW).
Streams:
Fixed bug #74429 (Remote socket URI with unique persistence identifier broken).
Version 7.0.19
Core:
Date:
Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).
Fixed bug #74080 (add constant for RFC7231 format datetime).
DOM:
Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).
Fileinfo:
Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).
GD:
Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).
intl:
Fixed bug #74433 (wrong reflection for Normalizer methods).
Fixed bug #74439 (wrong reflection for Locale methods).
MySQLi:
Fixed bug #74432 (mysqli_connect adding ":3306" to $host if $port parameter not given).
MySQLnd:
Added support for MySQL 8.0 types.
Fixed bug #74376 (Invalid free of persistent results on error/connection loss).
OpenSSL:
phar:
Fixed bug #74383 (phar method parameters reflection correction).
Standard:
Fixed bug #74409 (Reflection information for ini_get_all() is incomplete).
Fixed bug #72071 (setcookie allows max-age to be negative).
Streams:
Fixed bug #74429 (Remote socket URI with unique persistence identifier broken).
SQLite3:
Fixed bug #74413 (incorrect reflection for SQLite3::enableExceptions).
Version 7.1.4
Core:
Apache:
Reverted patch for bug #61471, fixes bug #74318.
Date:
Fixed bug #72096 (Swatch time value incorrect for dates before 1970).
DOM:
Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).
iconv:
Fixed bug #74230 (iconv fails to fail on surrogates).
Opcache:
Fixed bug #74250 (OPcache compilation performance regression in PHP 5.6/7 with huge classes).
OpenSSL:
Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).
PDO MySQL:
Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).
SPL:
Fixed bug #74058 (ArrayObject can not notice changes).
SQLite:
Fixed bug #74217 (Allow creation of deterministic sqlite functions).
Streams:
Fixed bug #74216 (Correctly fail on invalid IP address ports).
zlib:
Fixed bug #74240 (deflate_add can allocate too much memory).
Version 7.0.18
Core:
Apache:
Reverted patch for bug #61471, fixes bug #74318.
Date:
Fixed bug #72096 (Swatch time value incorrect for dates before 1970).
DOM:
Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).
iconv:
Fixed bug #74230 (iconv fails to fail on surrogates).
OpenSSL:
Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).
PDO MySQL:
Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).
Streams:
Fixed bug #74216 (Correctly fail on invalid IP address ports).
Zlib:
Fixed bug #74240 (deflate_add can allocate too much memory).
Version 7.1.3
Core:
Apache:
Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
Date:
Fixed bug #73837 ("new DateTime()" sometimes returns 1 second ago value).
FPM:
Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
Hash:
Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence).
GD:
Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters).
Mysqlnd:
Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
Opcache:
Fixed bug #74019 (Segfault with list).
OpenSSL:
Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
Fixed bug #74099 (Memory leak with openssl_encrypt()).
Standard:
Streams:
Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
Version 7.0.17
Core:
Apache:
Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
Date:
FPM:
Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
Hash:
Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence).
GD:
Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters).
Mysqlnd:
Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
Opcache:
Fixed bug #74152 (if statement says true to a null variable).
Fixed bug #74019 (Segfault with list).
OpenSSL:
Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
Standard:
Streams:
Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
Version 7.1.2
Core:
DOM:
Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).
DTrace:
Fixed bug #73965 (DTrace reported as enabled when disabled).
FCGI:
Fixed bug #73904 (php-cgi fails to load -c specified php.ini file).
Fixed bug #72898 (PHP_FCGI_CHILDREN is not included in phpinfo()).
FPM:
Fixed bug #69865 (php-fpm does not close stderr when using syslog).
GD:
Fixed bug #73968 (Premature failing of XBM reading).
GMP:
Fixed bug #69993 (test for gmp.h needs to test machine includes).
Hash:
Added hash_hkdf() function.
Fixed bug #73961 (environmental build dependency in hash sha3 source).
Intl:
Fix bug #73956 (Link use CC instead of CXX).
LDAP:
Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
MySQLi:
Fixed bug #73949 (leak in mysqli_fetch_object).
Mysqlnd:
Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
Opcache:
Fixed bug #73983 (crash on finish work with phar in cli + opcache).
OpenSSL:
PDO_Firebird:
Implemented FR #72583 (All data are fetched as strings).
PDO_PgSQL:
Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name).
Phar:
Fixed bug #70417 (PharData::compress() doesn't close temp file).
posix:
Fixed bug #71219 (configure script incorrectly checks for ttyname_r).
Session:
Fixed bug #69582 (session not readable by root in CLI).
SPL:
Fixed bug #73896 (spl_autoload() crashes when calls magic _call()).
Standard:
ZIP:
Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option).
Version 7.0.16
Core:
DOM:
Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).
DTrace:
Fixed bug #73965 (DTrace reported as enabled when disabled).
FPM:
Fixed bug #67583 (double fastcgi_end_request on max_children limit).
Fixed bug #69865 (php-fpm does not close stderr when using syslog).
GD:
Fixed bug #73968 (Premature failing of XBM reading).
GMP:
Fixed bug #69993 (test for gmp.h needs to test machine includes).
Intl:
Fixed bug #73956 (Link use CC instead of CXX).
LDAP:
Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
MySQLi:
Fixed bug #73949 (leak in mysqli_fetch_object).
Mysqlnd:
Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
Opcache:
Fixed bug #73983 (crash on finish work with phar in cli + opcache).
OpenSSL:
Fixed bug #71519 (add serial hex to return value array).
PDO_Firebird:
Implemented FR #72583 (All data are fetched as strings).
PDO_PgSQL:
Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name).
Phar:
Fixed bug #70417 (PharData::compress() doesn't close temp file).
posix:
Fixed bug #71219 (configure script incorrectly checks for ttyname_r).
Session:
Fixed bug #69582 (session not readable by root in CLI).
SPL:
Fixed bug #73896 (spl_autoload() crashes when calls magic _call()).
Standard:
ZIP:
Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option).
Version 7.0.15
Core:
COM:
Fixed bug #73679 (DOTNET read access violation using invalid codepage).
DOM:
Fixed bug #67474 (getElementsByTagNameNS filter on default ns).
EXIF:
Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)
GD:
Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
GMP:
Fixed bug #70513 (GMP Deserialization Type Confusion Vulnerability).
Mysqli:
Fixed bug #73462 (Persistent connections don't set $connect_errno).
Mysqlnd:
Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.
Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
PCRE:
Fixed bug #73612 (preg_*() may leak memory).
PDO_Firebird:
Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).
Phar:
Phpdbg:
Reflection:
Fixed bug #46103 (ReflectionObject memory leak).
Streams:
Fixed bug #73586 (php_user_filter::$stream is not set to the stream the filter is working on).
SQLite3:
Reverted fix for #73530 (Unsetting result set may reset other result set).
Standard:
Zlib:
Fixed bug #73373 (deflate_add does not verify that output was not truncated).
Version 7.1.1
Core
CLI
Fixed bug #72555 (CLI output(japanese) on Windows).
COM
Fixed bug #73679 (DOTNET read access violation using invalid codepage).
DOM
Fixed bug #67474 (getElementsByTagNameNS filter on default ns).
EXIF
Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)
GD
Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
mbstring
Fixed bug #73646 (mb_ereg_search_init null pointer dereference).
MySQLi
Fixed bug #73462 (Persistent connections don't set $connect_errno).
mysqlnd
Optimized handling of BIT fields - less memory copies and lower memory usage.
Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
opcache
PDO Firebird
Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).
Phar:
phpdbg
Fixed bug #73794 (Crash (out of memory) when using run and # command separator).
Fixed bug #73704 (phpdbg shows the wrong line in files with shebang).
SQLite3
Reverted fix for Fixed bug #73530 (Unsetting result set may reset other result set).
Standard
zlib
Fixed bug #73373 (deflate_add does not verify that output was not truncated).
Version 7.0.14
Core:
Calendar:
(Fix integer overflows).
Date:
Fixed bug #69587 (DateInterval properties and isset).
DTrace:
Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
JSON:
Fixed bug #73526 (php_json_encode depth issue).
Mysqlnd:
Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*).
ODBC:
Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).
Opcache:
Fixed bug #69090 (check cached files permissions).
Fixed bug #73546 (Logging for opcache has an empty file name).
PCRE:
Fixed bug #73483 (Segmentation fault on pcre_replace_callback).
Fixed bug #73392 (A use-after-free in zend allocator management).
PDO_Firebird:
Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam).
Phar:
Fixed bug #73580 (Phar::isValidPharFilename illegal memory access).
Postgres:
Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()).
Soap:
Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).
Fixed bug #73452 (Segfault (Regression for #69152)).
SPL:
Fixed bug #73423 (Reproducible crash with GDB backtrace).
SQLite3:
Fixed bug #73530 (Unsetting result set may reset other result set).
Standard:
Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
Fixed bug #73645 (version_compare illegal write access).
Wddx:
Fixed bug #73631 (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)
XML:
Fixed bug #72135 (malformed XML causes fault).
Version 7.1.0
Core:
Apache2handler:
Enable per-module logging in Apache 2.4+.
BCmath:
Fix bug #73190 (memcpy negative parameter _bc_new_num_ex).
Bz2:
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Fixed bug #72613 (Inadequate error handling in bzread()).
Calendar:
CLI Server:
Fixed bug #73360 (Unable to work in root with unicode chars).
Fixed bug #71276 (Built-in webserver does not send Date header).
COM:
Curl:
Date:
Dba:
Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
Data modification functions (e.g.: dba_insert()) now throw an instance of Error instead of triggering a catchable fatal error if the key is does not contain exactly two elements.
DOM:
DTrace:
Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
EXIF:
Filter:
FPM:
Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
FTP:
Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
Implemented FR #55651 (Option to ignore the returned FTP PASV address).
GD:
Hash:
Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit).
Added SHA512/256 and SHA512/224 algorithms.
iconv:
Fixed bug #72320 (iconv_substr returns false for empty strings).
IMAP:
Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).
An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error.
Interbase:
Fixed bug #73512 (Fails to find firebird headers as don't use fb_config output).
Intl:
JSON:
LDAP:
Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error.
Mbstring:
Mcrypt:
Mysqli:
Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.
Mysqlnd:
OCI8:
ODBC:
Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).
Opcache:
OpenSSL:
Pcntl:
PCRE:
PDO:
PDO_DBlib:
PDO_Firebird:
Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam).
Fixed bug #60052 (Integer returned as a 64bit integer on X86_64).
PDO_pgsql:
Phar:
Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile).
Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).
phpdbg:
Added generator command for inspection of currently alive generators.
Postgres:
Readline:
Fixed bug #72538 (readline_redisplay crashes php).
Reflection:
Session:
SimpleXML:
SNMP:
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
Soap:
SPL:
SQLite3:
Standard:
Streams:
sysvshm:
Fixed bug #72858 (shm_attach null dereference).
Tidy:
Implemented support for libtidy 5.0.0 and above.
Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error.
Wddx:
XML:
XMLRPC:
Zip:
Version 7.0.13
Core:
GD:
IMAP:
Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).
OCI8:
Fixed bug #71148 (Bind reference overwritten on PHP 7).
phpdbg:
Session:
Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored).
SOAP:
SQLite3:
Fixed bug #73333 (2147483647 is fetched as string).
Standard:
Wddx:
Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)
Version 7.0.12
Core:
BCmath:
Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
COM:
Fixed bug #73126 (Cannot pass parameter 1 by reference).
Date:
Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).
DOM:
Fixed bug #73150 (missing NULL check in dom_document_save_html).
Filter:
Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
Fixed bug #73054 (default option ignored when object passed to int filter).
GD:
Intl:
Fixed bug #73218 (add mitigation for ICU int overflow).
Mbstring:
Mysqlnd:
Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).
Opcache:
Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
OpenSSL:
PCRE:
Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
PDO_DBlib:
phpdbg:
Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).
Fixed next command not stopping when leaving function.
Session:
Fixed bug #68015 (Session does not report invalid uid for files save handler).
Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
SimpleXML:
Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
SOAP:
Fixed bug #71711 (Soap Server Member variables reference bug).
Fixed bug #71996 (Using references in arrays doesn't work like expected).
SPL:
Fixed bug #73257, Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).
SQLite3:
Updated bundled SQLite3 to 3.14.2.
Zip:
Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
Version 7.0.11
Core:
COM:
Fixed bug #72922 (COM called from PHP does not return out parameters).
Dba:
Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
FTP:
Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
GD:
iconv:
Fixed bug #72320 (iconv_substr returns false for empty strings).
IMAP:
Fixed bug #72852 (imap_mail null dereference).
Intl:
Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence).
Fixed bug #73007 (add locale length check). (CVE-2016-7416)
Mysqlnd:
Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)
OCI8:
Fixed invalid handle error with Implicit Result Sets.
Fixed bug #72524 (Binding null values triggers ORA-24816 error).
Opcache:
Fixed bug #72949 (Typo in opcache error message).
PDO:
PDO_DBlib:
Implemented stringify 'uniqueidentifier' fields.
PDO_pgsql:
Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence).
Fixed bug #72759 (Regression in pgo_pgsql).
Phar:
Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)
Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).
Reflection:
Fixed bug #72846 (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN).
Session:
Fixed bug #72724 (PHP7: session-uploadprogress kills httpd).
Fixed bug #72940 (SID always return "name=ID", even if session cookie exist).
SimpleXML:
Fixed bug #72971 (SimpleXML isset/unset do not respect namespace).
Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement).
SPL:
Fixed bug #73029 (Missing type check when unserializing SplArray). (CVE-2016-7417)
Standard:
Streams:
SQLite3:
Downgraded bundled SQLite to 3.8.10.2, see #73068
Sysvshm:
Fixed bug #72858 (shm_attach null dereference).
Wddx:
Fixed bug #72860 (wddx_deserialize use-after-free). (CVE-2016-7413)
Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)
XML:
Fixed bug #72085 (SEGV on unknown address zif_xml_parse).
Fixed bug #72714 (_xml_startElementHandler() segmentation fault).
ZIP:
Fixed bug #68302 (impossible to compile php with zip support).
Version 7.0.10
Core:
Bz2:
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Calendar:
Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
COM:
Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7).
CURL:
DOM:
Fixed bug #66502 (DOM document dangling reference).
EXIF:
Fixed bug #72735 (Samsung picture thumb not read (zero size)).
Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)
Filter:
Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).
FPM:
Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
GD:
Intl:
Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).
Partially fixed Fixed bug #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).
mbstring:
Mcrypt:
Fixed bug #72782 (Heap Overflow due to integer overflows).
Opcache:
Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
PCRE:
Fixed bug #72688 (preg_match missing group names in matches).
PDO_pgsql:
Fixed bug #70313 (PDO statement fails to throw exception).
Reflection:
Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
SimpleXML:
Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element).
SNMP:
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
SPL:
SQLite3:
Standard:
Streams:
XMLRPC:
Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements).
Wddx:
Zip:
Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
Version 7.0.9
Core:
bz2:
Fixed bug #72613 (Inadequate error handling in bzread()). (CVE-2016-5399)
CLI:
Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php).
COM:
Fixed bug #72498 (variant_date_from_timestamp null dereference).
Curl:
Fixed bug #72541 (size_t overflow lead to heap corruption).
Date:
Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).
Exif:
Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)
Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)
GD:
Intl:
Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)
Mbstring:
Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).
Fixed bug #72399 (Use-After-Free in MBString (search_re)).
mcrypt:
Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).
PDO_pgsql:
Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders).
PCRE:
Fixed bug #72476 (Memleak in jit_stack).
Fixed bug #72463 (mail fails with invalid argument).
Readline:
Fixed bug #72538 (readline_redisplay crashes php).
Standard:
Fixed bug #72505 (readfile() mangles files larger than 2G).
Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
Session:
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).
SNMP:
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)
Streams:
Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).
XMLRPC:
Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)
Zip:
Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)
Version 7.0.8
Core:
Date:
Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week).
FPM:
Fixed bug #72308 (fastcgi_finish_request and logging environment variables).
GD:
Intl:
Fixed bug #70484 (selectordinal doesn't work with named parameters).
mbstring:
Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
mcrypt:
Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
OpenSSL:
Fixed bug #72140 (segfault after calling ERR_free_strings()).
PCRE:
Fixed bug #72143 (preg_replace uses int instead of size_t).
PDO_pgsql:
Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
Fixed bug #72294 (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor).
Phar:
Fixed bug #72321 (invalid free in phar_extract_file()). (CVE-2016-4473)
Phpdbg:
Fixed bug #72284 (phpdbg fatal errors with coverage).
Postgres:
Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free).
Fixed bug #72197 (pg_lo_create arbitrary read).
Standard:
WDDX:
Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)
XML:
Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem).
XMLRPC:
Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
Zip:
Fixed bug #72258 (ZipArchive converts filenames to unrecoverable form).
Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)
Version 7.0.7
Core:
Curl:
Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE).
DBA:
Fixed bug #72157 (use-after-free caused by dba_open).
GD:
Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
Intl:
Fixed bug #64524 (Add intl.use_exceptions to php.ini-*).
Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
JSON:
Fixed bug #72069 (Behavior \JsonSerializable different from json_encode).
Mbstring:
Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace).
OCI8:
Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight columns).
Opcache:
Fixed bug #72014 (Including a file with anonymous classes multiple times leads to fatal error).
OpenSSL:
Fixed bug #72165 (Null pointer dereference - openssl_csr_new).
PCNTL:
Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite).
POSIX:
Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL).
Postgres:
Reflection:
Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call).
Session:
Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object).
Sockets:
Added socket_export_stream() function for getting a stream compatible resource from a socket resource.
SPL:
Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as expected).
SQLite3:
Fixed bug #68849 (bindValue is not using the right data type).
Standard:
Fixed bug #72075 (Referencing socket resources breaks stream_select).
Fixed bug #72031 (array_column() against an array of objects discards all values matching null).
Version 7.0.6
Core:
BCmath:
Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)
Curl:
Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
Date:
Fixed bug #71889 (DateInterval::format Segmentation fault).
EXIF:
Fixed bug #72094 (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
GD:
Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)
Intl:
ODBC:
Fixed bug #63171 (Script hangs after max_execution_time).
Opcache:
Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
PDO:
Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
Fixed bug #71447 (Quotes inside comments not properly handled).
PDO_DBlib:
Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).
Add DBLIB-specific attributes for controlling timeouts.
PDO_pgsql:
Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).
Postgres:
Fixed bug #71820 (pg_fetch_object binds parameters before call constructor).
Fixed bug #71998 (Function pg_insert does not insert when column type = inet).
SOAP:
Fixed bug #71986 (Nested foreach assign-by-reference creates broken variables).
SPL:
Standard:
XML:
Fixed bug #72099 (xml_parse_into_struct segmentation fault). (CVE-2016-4539)
Zip:
Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078)
Version 7.0.5
Core:
CLI Server:
Fixed bug #69953 (Support MKCALENDAR request method).
Curl:
Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY).
Date:
Fixed bug #71635 (DatePeriod::getEndDate segfault).
Fileinfo:
Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)
libxml:
Fixed bug #71536 (Access Violation crashes php-cgi.exe).
mbstring:
Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)
ODBC:
Fixed bug #47803, #69526 (Executing prepared statements is succesfull only for the first two statements).
PCRE:
Fixed bug #71659 (segmentation fault in pcre running twig tests).
PDO_DBlib:
Fixed bug #54648 (PDO::MSSQL forces format of datetime fields).
Phar:
phpdbg:
Fixed crash when advancing (except step) inside an internal function.
Session:
Fixed bug #71683 (Null pointer dereference in zend_hash_str_find_bucket).
SNMP:
Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)
SPL:
Fixed bug #71617 (private properties lost when unserializing ArrayObject).
Standard:
Fixed bug #71660 (array_column behaves incorrectly after foreach by reference).
Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)
Zip:
Update bundled libzip to 1.1.2.
Version 7.0.4
Core:
CLI server:
Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
CURL:
Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec).
Fixed memory leak in curl_getinfo().
Date:
Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues).
Fileinfo:
Fixed bug #71434 (finfo throws notice for specific python file).
FPM:
Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup).
Fixed bug #71269 (php-fpm dumped core).
Opcache:
Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
PCRE:
Fixed bug #71537 (PCRE segfault from Opcache).
phpdbg:
Fixed inherited functions from unspecified files being included in phpdbg_get_executable().
SOAP:
Fixed bug #71610 (Type Confusion Vulnerability - SOAP / make_http_soap_request()). (CVE-2016-3185)
Standard:
Fixed bug #71603 (compact() maintains references in php7).
Fixed bug #70720 (strip_tags improper php code parsing).
XMLRPC:
Fixed bug #71501 (xmlrpc_encode_request ignores encoding option).
Zip:
Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo).
Version 7.0.3
Core:
Apache2handler:
Fix >2G Content-Length headers in apache2handler.
CURL:
Fixed bug #71227 (Can't compile php_curl statically).
Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile).
GD:
Improved fix for bug #70976.
Interbase:
Fixed bug #71305 (Crash when optional resource is omitted).
LDAP:
Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string "Array").
mbstring:
Fixed bug #71397 (mb_send_mail segmentation fault).
OpenSSL:
Fixed bug #71475 (openssl_seal() uninitialized memory usage).
PCRE:
Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
Phar:
SOAP:
Fixed bug #70979 (crash with bad soap request).
SPL:
Standard:
WDDX:
Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
Version 7.0.2
Core:
CURL:
Fixed bug #71144 (Sementation fault when using cURL with ZTS).
DBA:
Fixed key leak with invalid resource.
Filter:
Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work).
FTP:
Implemented FR #55651 (Option to ignore the returned FTP PASV address).
FPM:
Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
GD:
Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
Mbstring:
Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault).
Opcache:
Fixed bug #71127 (Define in auto_prepend_file is overwrite).
PCRE:
Fixed bug #71178 (preg_replace with arrays creates [0] in replace array if not already set).
Readline:
Fixed bug #71094 (readline_completion_function corrupts static array on second TAB).
Session:
Fixed bug #71122 (Session GC may not remove obsolete session data).
SPL:
Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns wrong number of parameters).
Fixed bug #71153 (Performance Degradation in ArrayIterator with large arrays).
Standard:
Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions). (CVE-2016-1904)
WDDX:
Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
XMLRPC:
Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
Version 7.0.1
Core:
CLI server:
Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()).
Intl:
Fixed bug #71020 (Use after free in Collator::sortWithSortKeys). (CVE-2015-8616)
Mysqlnd:
Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
OCI8:
Fixed LOB implementation size_t/zend_long mismatch reported by gcov.
Opcache:
PDO_Firebird:
Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).
Phpdbg:
Fixed stderr being written to stdout.
Reflection:
Fixed bug #71018 (ReflectionProperty::setValue() behavior changed).
Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 5.6).
Soap:
Fixed bug #70993 (Array key references break argument processing).
SPL:
Fixed bug #71028 (Undefined index with ArrayIterator).
SQLite3:
Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead of internal buffer).
Standard:
Fixed bug #70999 (php_random_bytes: called object is not a function).
Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters).
Streams/Socket:
Add IPV6_V6ONLY constant / make it usable in stream contexts.
Version 7.0.0
Core:
CLI server:
COM:
Fixed bug #69939 (Casting object to bool returns false).
Curl:
Date:
DBA:
Fixed bug #62490 (dba_delete returns true on missing item (inifile)).
Fixed bug #68711 (useless comparisons).
DOM:
EXIF:
Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
Fileinfo:
Fixed bug #66242 (libmagic: don't assume char is signed).
Filter:
New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL.
Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).
FPM:
FTP:
Fixed bug #69082 (FTPS support on Windows).
GD:
GMP:
Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
hash:
Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
IMAP:
Fixed bug #70158 (Building with static imap fails).
Fixed bug #69998 (curl multi leaking memory).
Intl:
JSON:
LDAP:
Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE).
LiteSpeed:
Updated LiteSpeed SAPI code from V5.5 to V6.6.
libxml:
Fixed handling of big lines in error messages with libxml >= 2.9.0.
Mcrypt:
Mysqli:
Fixed bug #32490 (constructor of mysqli has wrong name).
Mysqlnd:
OCI8:
ODBC:
Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns. (CVE-2015-8879)
Opcache:
OpenSSL:
Pcntl:
PCRE:
PDO:
PDO_DBlib:
Fixed bug #69757 (Segmentation fault on nextRowset).
PDO_mysql:
Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option).
PDO_OCI:
Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored).
PDO_pgsql:
Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of ATTR_EMULATE_PREPARES).
Phar:
Phpdbg:
Reflection:
Session:
SOAP:
SPL:
SQLite3:
Standard:
Streams:
Tokenizer:
Fixed bug #69430 (token_get_all has new irrecoverable errors).
XMLReader:
Fixed bug #70309 (XmlReader read generates extra output).
XMLRPC:
Fixed bug #70526 (xmlrpc_set_type returns false on success).
XSL:
Zlib:
Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression.
Zip:
