PHP 8.5.6 RC2 Drops Memory Leaks and Segfaults Before Final Release
The second release candidate for PHP 8.5.6 is out now, and it quietly patches enough memory leaks and segmentation faults to make production servers breathe easier. This update targets the exact crash patterns that have been tripping up developers who run heavy workloads with Opcache enabled or rely on Phar archives for deployment. Getting hands on this build before the final drop saves a lot of late night debugging when scripts suddenly refuse to cooperate.
PHP 8.5.6 Core Stability and Opcache Fixes That Actually Matter
The changelog reads like a laundry list of assertion failures, but the real story here is how the engine handles memory during complex operations. Several core patches address garbage collection crashes when fibers and generators interact with destructors, which has been a known pain point for async heavy applications. The Opcache section gets the most attention because JIT compilation bugs have historically turned performance gains into system reboots. Developers running conditional optimizations or smart branch predictions will notice fewer random crashes when tracing complex loops. These fixes prevent the engine from throwing up its hands when it encounters edge cases in compiled bytecode, and they matter most for anyone who has watched a high traffic site grind to a halt after an opcode cache warmup cycle.
Phar Archives and Network Calls Stop Breaking Under Pressure
Phar handling has always been a minefield for deployment scripts that bundle entire applications into single files. This release restores the symlink handler during shutdown and fixes a null pointer crash when SCRIPT_NAME disappears from the environment. That specific missing variable issue shows up more often than people admit in shared hosting or custom SAPI setups where web server variables get stripped out during background processing. Network calls also get better treatment with a fix for file_get_contents segfaults when using HTTPS through a proxy. Anyone who has watched a cron job silently fail because of a broken stream wrapper will appreciate this patch, since it stops the engine from dereferencing invalid pointers when environment data goes missing.
Security Patches and Memory Leak Cleanup
The URI module finally addresses CVE-2026-42371, which involves numeric truncation in text range comparisons before version 1.0.1 of uriparser. While this sounds like a library detail, it directly impacts how PHP validates URLs during routing or form processing, and leaving it unpatched opens the door to unexpected parsing behavior. Memory leaks get cleaned up across OpenSSL, Iconv, and Session handling, which matters most for long running workers that never restart. The Random module also blocks all-zero states in the Xoshiro256StarStar engine, preventing predictable seed values from slipping through automated testing pipelines. These are the kind of fixes that keep background processes from slowly choking on their own allocated memory over time.
Release php-8.5.6RC2 · php/php-src
Tag for php-8.5.6RC2
Testing this build before it hits stable gives teams a chance to catch any lingering quirks without waiting for the next major version cycle. The PHP core team keeps chipping away at the crash patterns that make deployment feel like Russian roulette, and this release candidate shows exactly where those weak spots used to be. Keep an eye on the official repository when the final build drops, and run your test suites through a few different server configurations before pushing anything live.
