Jakub Zelenka has announced PHP 8.3.26, which includes numerous bug fixes across various components. The update resolves critical issues such as repeated file inclusion warnings, scanning large string literals, and memory leaks in Phar and other components. Additionally, the CLI has been improved to provide better error messages for listening errors with IPv6 addresses, while date functions now correctly handle partial-hour UTC offsets. 

PHP 8.3.26 released

Jakub Zelenka has announced the latest version of the PHP 8.3.x branch. As a popular general-purpose scripting language, PHP is uniquely suited for web development due to its speed, flexibility, and pragmatic nature.

The newest update boasts numerous bug fixes across various components. Core improvements include fixing important problems, like repeated file inclusion causing "Constant already defined" warnings and handling string literals that are larger than 2GB. Additionally, the garbage collector (GC) now correctly treats ZEND_WEAKREF_TAG_MAP references as WeakMap references.

Further core enhancements involve fixing stale array iterator pointers and zend_ssa_range_widening convergence issues. Another notable fix addresses a problem with PHP_EXPAND_PATH in Bash 5.3.0 environments. Moreover, assertion failures when accessing deprecated constants have been resolved.

The Command Line Interface (CLI) has also received attention, with an improved error message being implemented for listening errors with IPv6 addresses. Date functions such as date_sunrise() and date_sunset() now correctly handle partial-hour UTC offsets.

Other notable fixes include mitigating a libxml2 tree dictionary bug in the DOM component, addressing failed debug assertions when php_admin_value settings fail in FPM environments, and resolving an imagefilledellipse underflow on width argument issue in GD.

The Internationalization (Intl) component has also been updated to fix locale strings canonicalization for IntlDateFormatter and NumberFormatter. OpenSSL has received a fix for its success error message on TLS stream accept failure. PostgreSQL (PGSQL) connections have been patched to prevent potential use-after-free issues when using persistent connections.

Lastly, the Phar component has undergone several memory leak fixes, including verification of OpenSSL signatures, Phar tar temporary file error handling code, metadata leaks during conversion logic failures, and decompression with invalid extensions causing Use-After-Free vulnerabilities. These updates are expected to enhance overall performance and security for PHP developers and users worldwide.

php-8.3.26

Tag for php-8.3.26

Release php-8.3.26 · php/php-src