PHP 8.5.5 lands with urgent patches for memory safety flaws in the JIT compiler that previously caused incorrect arithmetic results or infinite loops. System administrators will want to apply this update immediately since several extensions including FFI and Phar contained resource leaks capable of crashing scripts over time. The release also addresses obscure platform-specific issues on AIX systems while improving how common image formats like AVIF get identified by standard functions.

PHP 8.5.5 fixes critical JIT crashes and memory leaks for better stability

PHP 8.5.5 includes urgent corrections for stability issues that have plagued recent builds since the initial rollout. System administrators should prioritize this update to prevent unexpected script failures during production cycles where downtime costs real money. This release targets specific vulnerabilities in the Opcache engine and various extensions like DOM and FFI that are often overlooked until errors occur.

PHP 8.5.5 JIT compiler gets major safety overhauls

The most critical updates land inside the Opcache module where previous versions suffered from arithmetic errors generated by the Just In Time compiler. Developers relying on performance optimizations might have noticed incorrect calculation results or infinite loops when handling undefined properties in polymorphic contexts. A use after free vulnerability within the JIT tracing mechanism has also been patched to stop potential crashes that could expose memory contents to attackers.

Memory leaks and parser issues affect common extensions

Reports indicate scripts running on AIX systems previously crashed after signal handler installation due to storage size limits being exceeded. Beyond the core engine, several utility modules received attention for resource management problems that accumulate over time during long-running processes. The FFI module now handles symbol resolution failures without leaking resources, while the DOM parser stops mangling XML space attributes during document creation. Users working with image processing will find improved identification for AVIF files through standard functions and better reporting of libJPEG support in system info pages.

Security and edge cases get cleaned up across the board

Various low-level issues involving signal handlers on AIX systems and undefined behavior within SNMP security settings have been resolved to ensure consistent operation across different platforms. The SOAP extension corrects a parsing bug regarding Set-Cookie attributes that could lead to malformed headers in certain requests. Finally, memory safety improvements cover the XSL processor and SPL heap structures to eliminate assertion failures when output buffers get mismanaged by scripts.

Release php-8.5.5

Tag for php-8.5.5

Release php-8.5.5 · php/php-src

It is always safer to run the latest code than to gamble on stability with older versions.