php-8.4.10
- BcMath:
. Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes).
(nielsdos)
- Core:
. Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute
evaluation) and GH-18464 (Recursion protection for deprecation constants not
released on bailout). (DanielEScherzer and ilutov)
. Fixed GH-18695 (zend_ast_export() - float number is not preserved).
(Oleg Efimov)
. Fix handling of references in zval_try_get_long(). (nielsdos)
. Do not delete main chunk in zend_gc. (danog, Arnaud)
. Fix compile issues with zend_alloc and some non-default options. (nielsdos)
- Curl:
. Fix memory leak when setting a list via curl_setopt fails. (nielsdos)
- Date:
. Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)
- DOM:
. Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by
clone keyword). (nielsdos)
- FPM:
. Fixed GH-18662 (fpm_get_status segfault). (txuna)
- Hash:
. Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos)
- Intl:
. Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
. Fix memory leak in locale lookup on failure. (nielsdos)
- Opcache:
. Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
(nielsdos, Arnaud)
- ODBC:
. Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)
- OpenSSL:
. Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
(nielsdos)
. Fixed bug #74796 (Requests through http proxy set peer name).
(Jakub Zelenka)
- PGSQL:
. Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during
escaping). (CVE-2025-1735) (Jakub Zelenka)
- PDO ODBC:
. Fix memory leak if WideCharToMultiByte() fails. (nielsdos)
- PDO Sqlite:
. Fixed memory leak with Pdo_Sqlite::createCollation when the callback
has an incorrect return type. (David Carlier)
- Phar:
. Add missing filter cleanups on phar failure. (nielsdos)
. Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)
- PHPDBG:
. Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)
- PGSQL:
. Fix warning not being emitted when failure to cancel a query with
pg_cancel_query(). (Girgias)
- Random:
. Fix reference type confusion and leak in user random engine.
(nielsdos, timwolla)
- Readline:
. Fix memory leak when calloc() fails in php_readline_completion_cb().
(nielsdos)
- SimpleXML:
. Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning
string with UTF-8 bytes). (nielsdos)
- SOAP:
. Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
. Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension
via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)
- Standard:
. Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames).
(CVE-2025-1220) (Jakub Zelenka)
- Tidy:
. Fix memory leak in tidy output handler on error. (nielsdos)
. Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)
PHP 8.4.10 has been officially released, featuring a range of bug fixes and enhancements. The updates encompass improvements for BcMath, Core, Date, DOM, FPM, Hash, Intl, Opcache, ODBC, OpenSSL, PGSQL, PDO ODBC, PDO Sqlite, Phar, PHPDBG, PGSQL, Random, Readline, SimpleXML, SOAP, and Tidy. The updates resolve concerns including infinite recursion, implement recursion protection for deprecated constants, manage references effectively, and tackle memory leaks. The release also resolves issues in zend_alloc and certain non-default options while addressing memory leaks in various functions. The release also resolves issues with X509_STORE in php_openssl_setup_verify() and requests via HTTP proxy settings. The release additionally resolves memory leaks in php_readline_completion_cb(), simplexml, and SOAP.
