PHP 8.4.13
A new version of the popular general-purpose scripting language PHP, specifically designed for web development, has been announced by Calvin Buckley. This update, denoted as PHP 8.4.13, boasts significant improvements to its core functionality and overall performance.
At the heart of this release lies a series of critical bug fixes that address key issues affecting various aspects of the language. One notable fix deals with the repeated inclusion of files containing __halt_compiler(), which can trigger "Constant already defined" warnings. Additionally, the scanning of string literals greater than 2GB has been resolved to avoid signed int overflow errors.
In terms of memory management and garbage collection, several enhancements have also been implemented. These updates include improvements in the way Zend weak references are handled, preventing potential UAF (Use-After-Free) vulnerabilities in specific scenarios.
Furthermore, PHP 8.4.13 includes a range of fixes for various extensions, including CLI, Date, DBA, DOM, FPM, Intl, OpenSSL, PGSQL, Phar, Standard, Streams, and Zip. Some notable examples include improved error messages when listening to IPv6 addresses, enhanced support for partial-hour UTC offsets in date_sunrise() and date_sunset(), and fixes for potential memory leaks in various scenarios.
The release also touches on several security vulnerabilities, including UAF issues caused by improper handling of Phar decompression with invalid extensions. As such, PHP 8.4.13 represents a crucial update that will help to maintain the reliability and integrity of web applications built using this versatile scripting language.
php-8.4.13
Tag for php-8.4.13
