Permalink
Cannot retrieve contributors at this time
Fetching contributors…
Cannot retrieve contributors at this time
| PHP NEWS | |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| | |
| ?? ??? 2014, PHP 5.6.0 Release Candidate 4 | |
| - Core: | |
| . Fixed bug #67693 (incorrect push to the empty array). (Tjerk) | |
| . Removed inconsistency regarding behaviour of array in constants at | |
| run-time. (Bob) | |
| - Fileinfo: | |
| . Fixed bug #67705 (extensive backtracking in rule regular expression). | |
| (CVE-2014-3538) (Remi) | |
| - Milter: | |
| . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) | |
| - SPL: | |
| . Revert fix for bug #67064 (BC issues). (Bob) | |
| 31 Jul 2014, PHP 5.6.0 Release Candidate 3 | |
| - Core: | |
| . Fixed bug #67497 (eval with parse error causes segmentation fault in | |
| generator). (Nikita) | |
| . Fixed bug #67151 (strtr with empty array crashes). (Nikita) | |
| . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server | |
| 2012). (Christian Wenz) | |
| . Fixed bug #66608 (Incorrect behavior with nested "finally" blocks). | |
| (Laruence, Dmitry) | |
| . Implemented FR #34407 (ucwords and Title Case). (Tjerk) | |
| - COM: | |
| . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). | |
| - CLI server: | |
| . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). | |
| (Adam) | |
| . Fixed bug #67594 (Unable to access to apache_request_headers() elements). | |
| (Tjerk) | |
| - FPM: | |
| . Fixed bug #67530 (error_log=syslog ignored). (Remi) | |
| . Fixed bug #67635 (php links to systemd libraries without using pkg-config). | |
| (pacho@gentoo.org, Remi) | |
| - Intl: | |
| . Fixed bug #66921 (Wrong argument type hint for function | |
| intltz_from_date_time_zone). (Stas) | |
| . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). | |
| (Stas) | |
| - pgsql: | |
| . Fixed bug #67555 (Cannot build against libpq 7.3). (Adam) | |
| - ODBC: | |
| . Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char | |
| fields). (Keyur Govande) | |
| - OpenSSL: | |
| . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). | |
| . Fixed bug #67609 (TLS connections fail behind HTTP proxy). (Daniel Lowrey) | |
| . Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable. | |
| (Lior Kaplan) | |
| . Fixed bug #67666 (Subject altNames doesn't support wildcard matching). (Tjerk) | |
| - Phar: | |
| . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske) | |
| - readline: | |
| . Fixed bug #55496 (Interactive mode doesn't force a newline before the | |
| prompt). (Bob, Johannes) | |
| . Fixed bug #67496 (Save command history when exiting interactive shell | |
| with control-c). (Dmitry Saprykin, Johannes) | |
| - Reflection: | |
| . Implemented FR #67713 (loosen the restrictions on | |
| ReflectionClass::newInstanceWithoutConstructor()). (Ferenc) | |
| - SPL: | |
| . Fixed bug #67539 (ArrayIterator use-after-free due to object change during | |
| sorting). (research at insighti dot org, Laruence) | |
| . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) | |
| - Session: | |
| . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). | |
| . Fixed bug #66827 (Session raises E_NOTICE when session name variable is array). | |
| (Yasuo) | |
| - OPCache: | |
| . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault | |
| happen) (Dmitry, Laruence) | |
| - phpdbg | |
| . Fixed bug #67575 (Compilation fails for phpdbg when the | |
| build directory != src directory). (Andy Thompson) | |
| 03 Jul 2014, PHP 5.6.0 Release Candidate 2 | |
| - Core: | |
| . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). | |
| (Ferenc) | |
| . Fixed bug #67368 (Memory leak with immediately dereferenced array in class | |
| constant). (Laruence) | |
| . Fixed bug #67468 (Segfault in highlight_file()/highlight_string()). | |
| (Andreas Ferber) | |
| . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). | |
| (Stefan Esser) | |
| . Fixed bug #67551 (php://input temp file will be located in sys_temp_dir | |
| instead of upload_tmp_dir). (Mike) | |
| - FPM: | |
| . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) | |
| . Fix bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// | |
| incompatibilities). (David Zuelke) | |
| - Intl: | |
| . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) | |
| . Fixed bug #67397 (Buffer overflow in locale_get_display_name and | |
| uloc_getDisplayName (libicu 4.8.1)). (Stas) | |
| - pgsql: | |
| . Fix bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), | |
| which affected builds against libpq < 7.3. (Adam) | |
| - phpdbg: | |
| . Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi) | |
| . Fix issue krakjoe/phpdbg#94 (List behavior is inconsistent). (Bob) | |
| . Fix issue krakjoe/phpdbg#97 (The prompt should always ensure it is on a | |
| newline). (Bob) | |
| . Fix issue krakjoe/phpdbg#98 (break if does not seem to work). (Bob) | |
| . Fix issue krakjoe/phpdbg#99 (register function has the same behavior as | |
| run). (Bob) | |
| . Fix issue krakjoe/phpdbg#100 (No way to list the current stack/frames) | |
| (Help entry was missing). (Bob) | |
| - SPL: | |
| . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type | |
| Confusion) (CVE-2014-3515). (Stefan Esser) | |
| 19 Jun 2014, PHP 5.6.0 Release Candidate 1 | |
| - Core: | |
| . Implemented FR #64744 (Differentiate between member function call on a null | |
| and non-null, non-objects). (Boro Sitnikovski) | |
| . Fixed bug #67436 (Autoloader isn't called if two method definitions don't | |
| match). (Bob) | |
| . Fixed bug #66622 (Closures do not correctly capture the late bound class | |
| (static::) in some cases). (Levi Morrison) | |
| . Fixed bug #67390 (insecure temporary file use in the configure script). | |
| (Remi) (CVE-2014-3981) | |
| . Fixed bug #67392 (dtrace breaks argument unpack). (Nikita) | |
| . Fixed bug #67428 (header('Location: foo') will override a 308-399 response | |
| code). (Adam) | |
| . Fixed bug #67433 (SIGSEGV when using count() on an object implementing | |
| Countable). (Matteo) | |
| . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) | |
| - CLI server: | |
| . Implemented FR #67429 (CLI server is missing some new HTTP response codes). | |
| (Adam) | |
| . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) | |
| - Fileinfo: | |
| . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal | |
| string size). (Francisco Alonso, Jan Kaluza, Remi) | |
| . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary | |
| check). (Francisco Alonso, Jan Kaluza, Remi) | |
| . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). | |
| (Francisco Alonso, Jan Kaluza, Remi) | |
| . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary | |
| check). (Francisco Alonso, Jan Kaluza, Remi) | |
| - mysqlnd: | |
| . Added support for gb18030 from MySQL 5.7. (Andrey) | |
| - Network: | |
| . Fixed bug #67432 (Fix potential segfault in dns_get_record()). | |
| (CVE-2014-4049). (Sara) | |
| - OpenSSL: | |
| . Fixed bug #65698 (certificates validity parsing does not work past 2050). | |
| (Paul Oehler) | |
| . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). | |
| (Paul Oehler) | |
| - phpdbg: | |
| . Fixed bug #67212 (phpdbg uses non-standard TIOCGWINSZ). (Ferenc) | |
| - SOAP: | |
| . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski) | |
| - SPL: | |
| . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) | |
| . Fixed request #67453 (Allow to unserialize empty data). (Remi) | |
| - Streams: | |
| . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam) | |
| - Tokenizer: | |
| . Fixed bug #67395 (token_name() does not return name for T_POW and T_POW_EQUAL | |
| token). (Ferenc) | |
| 05 Jun 2014, PHP 5.6.0 Beta 4 | |
| - Core: | |
| . Fixed bug #67249 (printf out-of-bounds read). (Stas) | |
| - Date: | |
| . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). | |
| (Adam) | |
| . Fixed regression in fix for bug #67118 (constructor can't be called twice). | |
| (Remi) | |
| - Fileinfo: | |
| . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). | |
| . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in | |
| performance degradation). | |
| . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). | |
| . Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain | |
| CDF files). | |
| - SPL: | |
| . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) | |
| - phpdbg: | |
| . Fixed bug which caused phpdbg to fail immediately on startup in non-debug | |
| builds. (Bob) | |
| 15 May 2014, PHP 5.6.0 Beta 3 | |
| - Core: | |
| . Fixed bug #67169 (array_splice all elements, then []= gives wrong index). | |
| (Nikita) | |
| . Fixed bug #67198 (php://input regression). (Mike) | |
| . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) | |
| . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) | |
| . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) | |
| - Date: | |
| . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) | |
| . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) | |
| - GD: | |
| . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) | |
| - OpenSSL: | |
| . Fixed bug #67224 (Fall back to crypto_type from context if not specified | |
| explicitly in stream_socket_enable_crypto). (Chris Wright) | |
| - PCRE: | |
| . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch | |
| from the upstream). (Anatol) | |
| - mbstring | |
| . Fixed bug #67199 (mb_regex_encoding mismatch). (Yasuo) | |
| 01 May 2014, PHP 5.6.0 Beta 2 | |
| - CLI server: | |
| . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) | |
| - COM: | |
| . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) | |
| - Core: | |
| . Fixed bug #65701 (copy() doesn't work when destination filename is created | |
| by tempnam()). (Boro Sitnikovski) | |
| . Fixed bug #66015 (Unexpected array indexing in class's static property). (Bob) | |
| . Added (constant) string/array dereferencing to static scalar expressions | |
| to complete the set; now possible thanks to bug #66015 being fixed. (Bob) | |
| . Fixed bug #66568 (Update reflection information for unserialize() function). | |
| (Ferenc) | |
| . Fixed bug #66660 (Composer.phar install/update fails). (Ferenc) | |
| . Fixed bug #67024 (getimagesize should recognize BMP files with negative | |
| height). (Gabor Buella) | |
| . Fixed bug #67064 (Countable interface prevents using 2nd parameter | |
| ($mode) of count() function). (Bob) | |
| . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) | |
| . Fixed bug #67033 (Remove reference to Windows 95). (Anatol) | |
| - cURL: | |
| . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) | |
| . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). | |
| (Freek Lijten) | |
| - Date: | |
| . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is | |
| supplied). (Boro Sitnikovski) | |
| . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) | |
| - DOM: | |
| . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, | |
| not only the subset). (Anatol) | |
| - Fileinfo: | |
| . Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute). | |
| (Anatol) | |
| . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) | |
| - FPM: | |
| . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). | |
| . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). | |
| (Julio Pintos) | |
| . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure | |
| default configuration) (CVE-2014-0185). (Stas) | |
| - GMP: | |
| . Fixed crashes in serialize/unserialize. (Stas) | |
| - JSON: | |
| . Fixed bug #66021 (Blank line inside empty array/object when | |
| JSON_PRETTY_PRINT is set). (Kevin Israel) | |
| - LDAP: | |
| . Fixed issue with null bytes in LDAP bindings. (Matthew Daley) | |
| - litespeed | |
| . Fixed bug #63228 (-Werror=format-security error in lsapi code). | |
| (Elan Ruusamäe, George) | |
| - mysqli: | |
| . Fixed building against an external libmysqlclient. (Adam) | |
| - mysqlnd: | |
| . Added a new fetching mode to mysqlnd. (Andrey) | |
| - OpenSSL: | |
| . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) | |
| . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) | |
| . Fix bug #66840 (Fix broken build when extension built separately). | |
| (Daniel Lowrey) | |
| - phpdbg: | |
| . Added watchpoints (watch command). (Bob) | |
| . Renamed some commands (next => continue and how to step). (Joe) | |
| . Fixed issue #85 (https://github.com/krakjoe/phpdbg/issues/85) | |
| (Added stdin/stdout/stderr constants and their php:// wrappers). (Bob) | |
| - PDO: | |
| . Fixed bug #66604 ('pdo/php_pdo_error.h' not copied to the include dir). | |
| (Matteo) | |
| - PDO-ODBC: | |
| . Fixed bug #50444 (PDO-ODBC changes for 64-bit). | |
| - Phar: | |
| . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent | |
| in its name). (PR #588) | |
| - SQLite: | |
| . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol) | |
| - Apache2 Handler SAPI: | |
| . Fixed Apache log issue caused by APR's lack of support for %zu | |
| (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). | |
| (Jeff Trawick) | |
| 10 Apr 2014, PHP 5.6.0 Beta 1 | |
| - Core: | |
| . Allow zero length comparison in substr_compare() (Tjerk) | |
| . Fixed bug #60602 (proc_open() changes environment array) (Tjerk) | |
| . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) | |
| . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace | |
| UNIX sockets). (Mike) | |
| . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) | |
| . Fixed bug #66736 (fpassthru broken). (Mike) | |
| . Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk) | |
| . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk) | |
| - SPL: | |
| . Added feature #65545 (SplFileObject::fread()) (Tjerk) | |
| . Fixed bug #66834 (empty() does not work on classes that extend ArrayObject) (Tjerk) | |
| . Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert). (Joshua | |
| Thijssen) | |
| - cURL: | |
| . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) | |
| (Tjerk) | |
| . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. | |
| (Adam) | |
| - Date: | |
| . Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable | |
| object from an existing DateTime (mutable) object (Derick) | |
| - Embed: | |
| . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol). | |
| - Fileinfo: | |
| . Fixed bug #66820 (out-of-bounds memory access in fileinfo) | |
| (CVE-2014-2270). (Remi) | |
| . Fixed bug #66946i (fileinfo: extensive backtracking in awk rule regular | |
| expression). (CVE-2013-7345) (Remi) | |
| . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). | |
| (Remi) | |
| - GD: | |
| . Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer | |
| CVE-2013-7327). (Tomas Hoger, Remi). | |
| . Fixed #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre) | |
| . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi) | |
| . Fixed bug #66890 (imagescale segfault). (Remi) | |
| . Fixed bug #66893 (imagescale ignore method argument). (Remi) | |
| - GMP: | |
| . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre) | |
| - Hash: | |
| . Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions). | |
| (Michael M Slusarz). | |
| . Implemented timing attack safe string comparison function | |
| (RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling) | |
| . hash_pbkdf2() now works correctly if the $length argument is not specified. | |
| (Nikita) | |
| - Intl: | |
| . Fixed bug #66873 (A reproductible crash in UConverter when given invalid | |
| encoding) (Stas) | |
| - Mail: | |
| . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk) | |
| - Mbstring: | |
| . Upgraded to oniguruma 5.9.5 (Anatol) | |
| - Mcrypt: | |
| . No longer allow invalid key sizes, invalid IV sizes or missing required IV | |
| in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions. | |
| (Nikita) | |
| . Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita) | |
| - MySQLi: | |
| . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) | |
| (Remi) | |
| - OCI8 | |
| . Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries) | |
| (Perrier, Chris Jones) | |
| - OpenSSL: | |
| . Fixed memory leak in windows cert verification on verify failure. | |
| (Chris Wright) | |
| . Peer certificate capturing via SSL context options now functions even if | |
| peer verification fails. (Daniel Lowrey) | |
| . Encrypted TLS servers now support the server name indication TLS extension | |
| via the new "SNI_server_certs" SSL context option. (Daniel Lowrey) | |
| . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi) | |
| - PCRE: | |
| . Added support for (*MARK) backtracking verbs. (Nikita) | |
| - PDO_firebird: | |
| . Fixed Bug #66071 (memory corruption in error handling) (Popa) | |
| - PDO_pgsql: | |
| . Cleaned up code by increasing the requirements to libpq versions providing | |
| PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According | |
| to the release notes that means 8.0.8+ or 8.1.4+. (Matteo) | |
| . Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an | |
| undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES. | |
| (Matteo) | |
| . Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries | |
| without preparing them, while still passing parameters separately from | |
| the command text using PQexecParams. (Matteo) | |
| - Pgsql: | |
| . Read-only access to the socket stream underlying database connections is | |
| exposed via a new pg_socket() function to allow read/write polling when | |
| establishing asynchronous connections and executing queries in non-blocking | |
| applications. (Daniel Lowrey) | |
| . Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC | |
| flag in conjunction with a new pg_connect_poll() function and connection | |
| polling status constants. (Daniel Lowrey) | |
| . New pg_flush() and pg_consume_input() functions added to manually complete | |
| non-blocking reads/writes to underlying connection sockets. (Daniel Lowrey) | |
| - Session | |
| . Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha. | |
| - SimpleXML: | |
| . Fixed bug #66084 (simplexml_load_string() mangles empty node name) | |
| (Anatol) | |
| - SQLite: | |
| . Updated the bundled libsqlite to the version 3.8.3.1 (Anatol) | |
| - XSL: | |
| . Fixed bug #53965 (<xsl:include> cannot find files with relative paths | |
| when loaded with "file://"). (Anatol) | |
| 27 Feb 2014, PHP 5.6.0 Alpha 3 | |
| - Core | |
| . Expose get_debug_info class hook as __debugInfo() magic method. (Sara) | |
| . Implemented unified default encoding | |
| (RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki) | |
| - Curl | |
| . Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey) | |
| . Remove cURL close policy related constants as these have no effect and are | |
| no longer used in libcurl. (Chris Wright) | |
| - Fileinfo | |
| . Upgraded to libmagic-5.17 (Anatol) | |
| . Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi) | |
| - FPM: | |
| . Added clear_env configuration directive to disable clearenv() call. | |
| (Github PR# 598, Paul Annesley) | |
| - GD: | |
| . Fixed imagettftext to load the correct character map rather than the last one. | |
| (Scott) | |
| . Fixed bug #66714 ( imageconvolution breakage). (Brad Daily) | |
| - JSON: | |
| . Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) | |
| (chobieeee@php.net) | |
| - OPCache | |
| . Added function opcache_is_script_cached(). (Danack) | |
| . Added information about interned strings usage. (Terry, Julien, Dmitry) | |
| - OpenSSL | |
| . Fallback to Windows CA cert store for peer verification if no openssl.cafile | |
| ini directive or "cafile" SSL context option specified in Windows. | |
| (Chris Wright) | |
| . The openssl.cafile and openssl.capath ini directives introduced in alpha2 | |
| now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey) | |
| . New "peer_name" SSL context option replaces "CN_match" (which still works | |
| as before but triggers E_DEPRECATED). (Daniel Lowrey) | |
| . Fixed segfault when accessing non-existent context for client SNI use | |
| (Daniel Lowrey) | |
| . Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). | |
| (Mark Zedwood) | |
| . Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option | |
| allowing clients to verify cert names separately from the cert itself). | |
| "verify_peer_name" is enabled by default for client streams. | |
| (Daniel Lowrey) | |
| . Fixed Bug #65538 ("cafile" SSL context option now supports stream | |
| wrappers). (Daniel Lowrey) | |
| . New openssl_get_cert_locations() function to aid CA file and peer | |
| verification debugging. (Daniel Lowrey) | |
| . Encrypted stream wrappers now disable TLS compression by default. | |
| (Daniel Lowrey) | |
| . New "capture_session_meta" SSL context option allows encrypted client and | |
| server streams access to negotiated protocol/cipher information. | |
| (Daniel Lowrey) | |
| . New "honor_cipher_order" SSL context option allows servers to prioritize | |
| cipher suites of their choosing when negotiating SSL/TLS handshakes. | |
| (Daniel Lowrey) | |
| . New "single_ecdh_use" and "single_dh_use" SSL context options allow for | |
| improved forward secrecy in encrypted stream servers. (Daniel Lowrey) | |
| . New "dh_param" SSL context option allows stream servers control over | |
| the parameters when negotiating DHE cipher suites. (Daniel Lowrey) | |
| . New "ecdh_curve" SSL context option allowing stream servers to specify | |
| the curve to use when negotiating ephemeral ECDHE ciphers (defaults to | |
| NIST P-256). (Daniel Lowrey) | |
| . New "rsa_key_size" SSL context option gives stream servers control | |
| over the key size (in bits) used for RSA key agreements. (Daniel Lowrey) | |
| . Crypto methods for encrypted client and server streams now use | |
| bitwise flags for fine-grained protocol support. (Daniel Lowrey) | |
| . Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method. | |
| tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey) | |
| . Encrypted client streams now enable SNI by default. (Daniel Lowrey) | |
| . Encrypted streams now prioritize ephemeral key agreement and high strength | |
| ciphers by default. (Daniel Lowrey) | |
| . New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher | |
| list. (Daniel Lowrey) | |
| . New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto | |
| methods negotiated encrypted server/client sessions. (Daniel Lowrey) | |
| . Encrypted stream servers now automatically mitigate potential DoS vector | |
| arising from client-initiated TLS renegotiation. New "reneg_limit", | |
| "reneg_window" and "reneg_limit_callback" SSL context options for custom | |
| renegotiation limiting control. (Daniel Lowrey) | |
| - Pgsql: | |
| . pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL. | |
| (Yasuo) | |
| . Impremented FR #25854 Return value for pg_insert should be resource instead of bool. | |
| (Yasuo) | |
| . Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data(). | |
| pg_meta_data(resource $conn, string $table [, bool extended]) | |
| It also made pg_meta_data() return "is enum" always. | |
| (Yasuo) | |
| 13 Feb 2014, PHP 5.6.0 Alpha 2 | |
| - Core: | |
| . Added T_POW (**) operator | |
| (RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters) | |
| - mysqli | |
| . Added new function mysqli_get_links_stats() as well as new INI variable | |
| mysqli.rollback_on_cached_plink of type bool (Andrey) | |
| - PCRE: | |
| . Upgraded to PCRE 8.34. (Anatol) | |
| - ldap | |
| . Added new function ldap_modify_batch(). (Ondrej Hosek) | |
| - OpenSSL | |
| . Peer certificates now verified by default in client socket operations | |
| (RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey) | |
| . New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey) | |
| 23 Jan 2014, PHP 5.6.0 Alpha 1 | |
| - CLI server: | |
| . Added some MIME types to the CLI web server. (Chris Jones) | |
| - Core: | |
| . Improved IS_VAR operands fetching. (Laruence, Dmitry) | |
| . Improved empty string handling. Now ZE uses an interned string instead of | |
| allocation new empty string each time. (Laruence, Dmitry) | |
| . Implemented internal operator overloading | |
| (RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita) | |
| . Made calls from incompatible context issue an E_DEPRECATED warning instead | |
| of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx). | |
| (Gustavo) | |
| . Uploads equal or greater than 2GB in size are now accepted. | |
| (Ralf Lang, Mike) | |
| . Reduced POST data memory usage by 200-300%. Changed INI setting | |
| always_populate_raw_post_data to throw a deprecation warning when enabling | |
| and to accept -1 for never populating the $HTTP_RAW_POST_DATA global | |
| variable, which will be the default in future PHP versions. (Mike) | |
| . Implemented dedicated syntax for variadic functions | |
| (RFC: https://wiki.php.net/rfc/variadics). (Nikita) | |
| . Fixed bug #50333 Improving multi-threaded scalability by using | |
| emalloc/efree/estrdup (Anatol, Dmitry) | |
| . Implemented constant scalar expressions (with support for constants) | |
| (RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob) | |
| . Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry) | |
| . Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch) | |
| - cURL: | |
| . Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir | |
| or safe_mode). (Adam) | |
| - FPM | |
| . Included apparmor support in fpm | |
| (RFC: https://wiki.php.net/rfc/fpm_change_hat). (Gernot Vormayr) | |
| - GMP: | |
| . Moved GMP to use object as the underlying structure and implemented various | |
| improvements based on this. | |
| (RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita) | |
| . Added gmp_root() and gmp_rootrem() functions for calculating nth roots. | |
| (Nikita) | |
| - Hash: | |
| . Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz) | |
| - JSON: | |
| . Fixed case part of bug #64874 ("json_decode handles whitespace and | |
| case-sensitivity incorrectly") | |
| - mysqlnd: | |
| . Disabled flag for SP OUT variables for 5.5+ servers as they are not natively | |
| supported by the overlying APIs. (Andrey) | |
| - OPcache: | |
| . Added an optimization of class constants and constant calls to some | |
| internal functions (Laruence, Dmitry) | |
| . Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL. | |
| (Laruence, Dmitry) | |
| . Added an optimization pass to merged identical constants (and related | |
| cache_slots) in op_array->literals table. (Laruence, Dmitry) | |
| . Added script level constant replacement optimization pass. (Dmitry) | |
| - OpenSSL: | |
| . Added crypto_method option for the ssl stream context. (Martin Jansen) | |
| . Added certificate fingerprint support. (Tjerk Meesters) | |
| . Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey) | |
| . Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters) | |
| . Peer name verification matches SAN DNS names for certs using | |
| the Subject Alternative Name x509 extension. (Daniel Lowrey) | |
| . Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey) | |
| . Added SPKAC support. (Jason Gerfen) | |
| - PDO_pgsql: | |
| . Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo) | |
| . Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3 | |
| syntax). (Matteo) | |
| - phpdbg: | |
| . Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg). | |
| (Felipe Pena, Joe Watkins and Bob Weinand) | |
| - pgsql: | |
| . pg_version() returns full report which obtained by PQparameterStatus(). | |
| (Yasuo) | |
| . Added pg_lo_truncate(). (Yasuo) | |
| . Added 64bit large object support for PostgreSQL 9.3 and later. (Yasuo) | |
| - Session: | |
| . Fixed Bug #65315 (session.hash_function silently fallback to default md5) | |
| (Yasuo) | |
| . Implemented Request #17860 (Session write short circuit). (Yasuo) | |
| . Implemented Request #20421 (session_abort() and session_reset() function). | |
| (Yasuo) | |
| - Standard: | |
| . Implemented FR #65634 (HTTP wrapper is very slow with protocol_version | |
| 1.1). (Adam) | |
| . Implemented Change crypt() behavior w/o salt RFC. (Yasuo) | |
| https://wiki.php.net/rfc/crypt_function_salt | |
| . Implemented request #49824 (Change array_fill() to allow creating empty | |
| array). (Nikita) | |
| - XMLReader: | |
| . Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency). | |
| (Mike) | |
| - Zip: | |
| . update libzip to version 1.11.2. | |
| PHP don't use any ilibzip private symbol anymore. (Pierre, Remi) | |
| . new method ZipArchive::setPassword($password). (Pierre) | |
| . add --with-libzip option to build with system libzip. (Remi) | |
| . new methods: | |
| ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags]) | |
| ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags]) | |
| ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags]) | |
| ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags]) | |
| <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>> |