PHP 8.4.15 has been released, focusing on bug fixes and enhancements rather than introducing new features. This update addresses a total of 18 issues across various components, including the core execution, DOM library, Exif module, FastCGI Process Manager (FPM), FTP functionality, GD library, Intl module, LibXML, MySQLnd library, Opcache, PostgreSQL integration via PgSQL, Phar module, and smaller tweaks to other libraries. These fixes cover areas such as memory leaks, segfaults, and potential UAF problems. The update improves the stability and reliability of PHP, making it a worthwhile upgrade for developers working with various components.

PHP 8.4.15 released

PHP has recently released version 8.4.15, focusing on bug fixes and enhancing existing features. While it doesn't bring massive new capabilities like its debut might suggest (this isn't marketing hype), getting into the details shows they're really paying attention to how things work down underneath.

At its most basic level, this update tackles eight significant issues that could mess with language execution itself. These touch upon several areas: CGI interactions needed some tightening up; there were problems related to handling resources generally and specifically during weak map operations or when mixing lazy object properties with foreach loops. Those kinks have been fixed now. Also on the list is an improvement to auto_globals_jit, which helps manage memory leaks.

Now, moving beyond just core execution, let's talk about specific libraries. The DOM part of things saw some partial fixes for a long-standing issue involving __debugInfo() overrides within classes that should make debugging more reliable in certain situations. There were also bugs patched up related to the getElementById() method and how it behaves after nodes get removed from a document.

For those dealing with image data, the Exif module is getting some well-deserved TLC. A potential memory leak scenario when encountering an empty tag has now been addressed.

If you depend on PHP's FastCGI Process Manager (FPM) to efficiently handle web requests, you can be confident that it has also received attention. GH-19974 specifically deals with a tricky segfault during status export in parallel settings; this is one of those fixes that ensures things run smoothly, preventing crashes under specific loads.

FTP functionality, part of PHP's networking toolkit, has some important stability patches too. Bug GH-20240 fixed an odd connection timeout issue even when writes were happening securely over SSL.

The GD library for image manipulation saw action in its imagefilter function to prevent certain return type snafus when given invalid filters; making sure your image processing tasks actually work as expected is a key win here.

Performance and reliability buffs are coming via the Intl module's update. Addressing a memory leak issue in locale_filter_matches() should leave everyone feeling lighter, especially with its impact on overall system performance.

Multi-threaded environments need extra scrutiny; thankfully, LibXML got some fixes for thread safety concerns tied to schema and RELAX NG calls. It can now be used more confidently where multiple threads are active.

Connecting PHP to MySQL relies heavily on the MySQLnd library, and this update improves it considerably. Fixes include SSL certificate verification hiccups related to port doubling as well as smoother getColumnMeta() interactions with JSON columns in your databases; these subtle bugs were causing headaches for sure.

Opcache, responsible for managing JIT compilation and caching, has also undergone significant improvements. Expect fixes for heap buffer overflows, some annoying macOS 15 JIT quirks, and memory leaks during preload loading to make things faster and less prone to crashes down at runtime.

PostgreSQL integration via PgSQL saw action as well: memory leak problems when string conversion went wrong have been plugged up, and segfaults linked to row fetching with non-standard class names are now avoided, resulting in more stable connections for PHP-Postgres teams.

The Phar module manages archive files such as zip packages either directly in the browser or on the server-side. This update delivers a comprehensive set of fixes addressing various memory leaks (in web handling, alias management, and file descriptor issues) and potential UAF problems during creation operations, basically making Phar stuff safer and more reliable for builds and deployments.

Finally, let's touch on some smaller tweaks: The ReflectionClass::isIterable() method now correctly handles classes with property hooks. SimpleXML saw partial fixes ensuring its own __debugInfo() overrides function right; a bug fix within Streams code ensures platform-specific conditionals work properly across Windows variants; Tidy received attention for better error category detection and another memory leak fix when setting the error buffer fails, and XMLReader got patched up to handle situations where certain configuration flags aren't available, preventing potential arginfo/zpp violations.

Release php-8.4.15 · php/php-src

Tag for php-8.4.15

Release php-8.4.15 · php/php-src