The fourth release candidate for PHP 8.5.0 has been made available for testing, addressing various bugs and improvements across multiple components. Key updates include fixes for critical issues related to core functionality, OPCache, PCRE, PgSql, Reflection, Standard Library, Streams, URI, and Zip extensions. These enhancements aim to improve the overall stability and security of PHP 8.5.0, with specific changes targeting heap overflows, image misidentification, and incorrect behavior in certain scenarios. The release candidate is now available for testing and feedback before its official release as PHP 8.5.0.

PHP 8.5.0 Release Candidate 4 released

The fourth release candidate for PHP 8.5.0 has been made available for testing, bringing various improvements to the language.

In terms of core functionality, several bugs have been addressed. A critical issue related to broken parent hook calls with named arguments has been fixed. Additionally, a stale pointer problem has been resolved through evaluation. Furthermore, null offset deprecation warnings are now correctly emitted for write operations. Furthermore, final promoted properties without explicit visibility are automatically assigned.

Improvements have also been made to the OPCache component, including the fixing of a bug that could potentially cause a heap buffer overflow in the just-in-time compiler. Although a known issue related to reusing file caches across different environments still persists, it has been partially addressed.

Regarding PCRE, PHP has been downgraded back to version 10.44 due to an earlier issue.

The PgSql extension has also seen enhancements, with fixes for segfaults that occurred when attempting to fetch rows into non-instantiable class names.

In the area of Reflection, a bug has been fixed that caused incorrect results from ReflectionClass::isIterable() for classes with property hooks. This improvement ensures accurate behavior in scenarios where iterable checks are necessary.

The Standard Library has also seen updates, including the fixing of bugs related to heap overflows and image misidentification. Specifically, mail() heap overflow vulnerabilities have been addressed when sending messages with empty content in line feed mode. Moreover, AVIF images were previously mistakenly identified as HEIF after introducing support for the latter format in getimagesize(), but this issue has now been resolved.

Streams also saw improvement, including fixes to socket stream modules that resulted from incorrect conditions on Win32 and Win64 systems.

The URI library has undergone updates, with changes to its behavior concerning username and password components. Specifically, it will now follow the rules outlined by the WHATWG URL Standard when deciding whether these values should be returned as null or an empty string. Additionally, the distinction between missing and empty username/password components in Uri\Rfc3986\Uri objects has been addressed.

Finally, fixes have been applied to the Zip extension, particularly regarding the caching of Zend release fcall info on methods such as registerProgressCallback() and registerCancelCallback().

Release php-8.5.0RC4 · php/php-src

Tag for php-8.5.0RC4

Release php-8.5.0RC4 · php/php-src