php-8.4.11
- Calendar:
. Fixed jewishtojd overflow on year argument. (David Carlier)
- Core:
. Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction
order). (Daniil Gentili)
. Fixed bug GH-18907 (Leak when creating cycle in hook). (ilutov)
. Fix OSS-Fuzz #427814456. (nielsdos)
. Fix OSS-Fuzz #428983568 and #428760800. (nielsdos)
. Fixed bug GH-17204 (-Wuseless-escape warnings emitted by re2c). (Peter Kokot)
. Fixed bug GH-19064 (Undefined symbol 'execute_ex' on Windows ARM64).
(Demon)
- Curl:
. Fix memory leaks when returning refcounted value from curl callback.
(nielsdos)
. Remove incorrect string release. (nielsdos)
- DOM:
. Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined
behavior with null byte). (nielsdos)
- LDAP:
. Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty
request OID. (David Carlier)
- MbString:
. Fixed bug GH-18901 (integer overflow mb_split). (nielsdos)
- Opcache:
. Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
(nielsdos)
. Fixed bug GH-18899 (JIT function crash when emitting undefined variable
warning and opline is not set yet). (nielsdos)
. Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018
in ext/opcache/jit/zend_jit.c). (nielsdos)
. Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks
and preloading). (nielsdos)
- OpenSSL:
. Fixed bug #80770 (It is not possible to get client peer certificate with
stream_socket_server). (Jakub Zelenka)
- PCNTL:
. Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or
pcntl_forkx() with zend-max-execution-timers). (Arnaud)
- Phar:
. Fix stream double free in phar. (nielsdos, dixyes)
. Fix phar crash and file corruption with SplFileObject. (nielsdos)
- SOAP:
. Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing
on object destruction). (nielsdos)
. Fix memory leak when URL parsing fails in redirect. (Girgias)
- SPL:
. Fixed bug GH-19094 (Attaching class with no Iterator implementation to
MultipleIterator causes crash). (nielsdos)
- Standard:
. Fix misleading errors in printf(). (nielsdos)
. Fix RCN violations in array functions. (nielsdos)
. Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
(David Carlier)
- Streams:
. Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
fatal error). (Jakub Zelenka)
- Zip:
. Fix leak when path is too long in ZipArchive::extractTo(). (nielsdos)
Calvin Buckley has announced the release of PHP 8.4.11, which addresses several bugs within the PHP codebase. The updates encompass resolutions for calendar, core, DOM, LDAP, MbString, Opcache, OpenSSL, PCNTL, Phar, SOAP, SPL, Standard, and Zip. The release encompasses resolutions for jewishtojd overflows, core bugs, weakmaps, OSS-Fuzz, re2c warnings, undefined symbols, and additional issues. The update additionally resolves concerns related to LDAP, MbString, Opcache, OpenSSL, PCNTL, Phar, SOAP, and SPL. The standard version incorporates corrections for misleading errors, RCN violations, pack() overflows, streams, and zip functionalities. The release also resolves issues related to fgets() and stream_get_line(), as well as the undefined symbol 'execute_ex' on Windows ARM64.
