PHP 8.3.28 released
PHP 8.3.28 has been released, bringing a host of important bug fixes to the table. One of the most significant areas of improvement lies in PHP's core functionality.
The core team has tackled an array of niggles. If you were running PHP in CGI mode (which isn't super common these days, but still), they've fixed some bugs there, specifically those memory leak issues that popped up when auto_globals_jit was turned off completely (auto_globals_jit = 0). That's one thing sorted.
Also, the core team addressed a potential interpreter crash during shutdown if things weren't cleaned up properly with resources. This isn't headline news, but it helps keep everything stable at the end of the day.
Now, in the DOM module, which handles XML processing, the developers have implemented improvements similar to those made in another area. You might have run into trouble trying to override __debugInfo() before, especially on certain classes; well, that's less likely now with this update. However, this is only a partial solution, so you should remain vigilant.
Exif support has gotten better too. There was a potential memory leak related to empty tags, but it appears to have been addressed. This kind of thing is easy to overlook but important for smooth operation.
On the server-side stuff, FPM (FastCGI Process Manager) got some patches as well. It fixed an issue that could lead to crashes (segfaults) during parallel work and also sorted out incorrect socket stream handling on Windows systems, which can really mess things up.
FTP functionality was improved too: a bug related to SSL causing write timeouts is now resolved. The old problem has been looked at again.
Looking at the GD library (used for image manipulation), there's a fix for when you try using an image filter with an invalid filter type. That previously caused issues; it should be smoother now.
Internationalization, or i18n, bugs have also been cleaned up. This includes memory leaks in locale handling related to filters (locale_filter_matches()) and ensuring certain XML schema definitions (or RELAXNG calls) aren't run from multiple threads at the same time without proper safety checks, which can be a minefield otherwise.
For database interaction: MySQLnd fixes are included, helping with SSL certificate verification problems. There's also an update for column metadata issues you might encounter.
PHP's built-in Opacache (formerly Xdebug Opcache) saw some action too. They fixed uninitialized variables in preload loading (preload_load()) and addressed Just-In-Time compilation glitches specifically on Apple's macOS Ventura systems (macOS 15).
PgSQL, the database extension for PostgreSQL, had a fix for memory leaks when string conversion fails unexpectedly during startup or initial connection handling, something that might not even be obvious until it bites you.
Phar files, those self-contained archive-based applications, have seen significant attention. Lots of bugs were fixed related to their internal workings: things like memory leaks in the webphar subsystem, fixes for setAlias() functionality, better error handling during zip file parsing (phar_parse_zipfile), preventing resource leaks from failed opening operations (central fp), and addressing potential buffer truncation issues due to type mishandling when building directories (buildFromDirectory). This upgrade is a big win for developers using Phar.
The core random library also had an issue with its __serialize() method, specifically how it handled some types (INDIRECTs), which was patched up. Serialization bugs can be tricky.
SimpleXML users should see similar benefits to DOM: fixes are in place for cases where your classes might have issues overriding __debugInfo(). It’s essentially the same problem area, just applied differently.
Standard PHP functions aren't forgotten either. There was a specific issue with handling shared memory (shm) during unserialization (when using unserialize()), particularly when options were involved, that seems resolved now to prevent data corruption.
Stream-related problems got attention too: incorrect socket stream behavior on Windows is fixed, which should help consistency across platforms for network/file I/O. Finally, the Tidy library (which cleans up HTML) had fixes for potential crashes (segfaults) from use-after-free errors and other issues smoothed out. And to wrap it all up neatly? Additionally, specific arginfo/zpp violations in XMLReader were addressed, ensuring that function arguments are correctly described to help avoid mistakes.
Release php-8.3.28 · php/php-src
Tag for php-8.3.28
