NEWS 414 KB
Newer Older
1
PHP                                                                        NEWS
2
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3
20 Jun 2013, PHP 5.5.0
4 5

- Core:
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
  . Added Zend Opcache extension and enable building it by default.
    More details here: https://wiki.php.net/rfc/optimizerplus. (Dmitry)
  . Added generators and coroutines (https://wiki.php.net/rfc/generators).
    (Nikita Popov)
  . Added "finally" keyword (https://wiki.php.net/rfc/finally). (Laruence)
  . Added simplified password hashing API
    (https://wiki.php.net/rfc/password_hash). (Anthony Ferrara)
  . Added support for constant array/string dereferencing. (Laruence)
  . Added array_column function which returns a column in a multidimensional
    array. https://wiki.php.net/rfc/array_column. (Ben Ramsey)
  . Added boolval(). (Jille Timmermans)
  . Added "Z" option to pack/unpack. (Gustavo)
  . Added Generator::throw() method. (Nikita Popov)
  . Added Class Name Resolution As Scalar Via "class" Keyword.
    (Ralph Schindler, Nikita Popov, Lars)
  . Added optional second argument for assert() to specify custom message. Patch
    by Lonny Kapelushnik (lonny@lonnylot.com). (Lars)
  . Added support for using empty() on the result of function calls and
    other expressions (https://wiki.php.net/rfc/empty_isset_exprs).
    (Nikita Popov)
  . Added support for non-scalar Iterator keys in foreach
    (https://wiki.php.net/rfc/foreach-non-scalar-keys). (Nikita Popov)
  . Added support for list in foreach (https://wiki.php.net/rfc/foreachlist).
    (Laruence)
  . Added support for changing the process's title in CLI/CLI-Server SAPIs.
    The implementation is more robust that the proctitle PECL module. More
    details here: https://wiki.php.net/rfc/cli_process_title. (Keyur)
  . Added ARMv7/v8 versions of various Zend arithmetic functions that are
    implemented using inline assembler (Ard Biesheuvel)
  . Added systemtap support by enabling systemtap compatible dtrace probes on
    linux. (David Soria Parra)
  . Optimized access to temporary and compiled VM variables. 8% less memory
    reads. (Dmitry)
  . The VM stacks for passing function arguments and syntaticaly nested calls
    were merged into a single stack. The stack size needed for op_array
    execution is calculated at compile time and preallocated at once. As result
    all the stack push operatins don't require checks for stack overflow
    any more. (Dmitry)
  . Improve set_exception_handler while doing reset. (Laruence)
  . Return previous handler when passing NULL to set_error_handler and
    set_exception_handler. (Nikita Popov)
  . Remove php_logo_guid(), php_egg_logo_guid(), php_real_logo_guid(),
    zend_logo_guid(). (Adnrew Faulds)
  . Drop Windows XP and 2003 support. (Pierre)
  . Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
  . Implemented FR #60738 (Allow 'set_error_handler' to handle NULL).
    (Laruence, Nikita Popov)
  . Implemented FR #60524 (specify temp dir by php.ini). (ALeX Kazik).
  . Implemented FR #46487 (Dereferencing process-handles no longer waits on
    those processes). (Jille Timmermans)
  . Fixed bug #65051 (count() off by one inside unset()). (Nikita)
  . Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence)
  . Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence)
59
  . Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence)
60 61 62
  . Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas,
    Jonathan Oddy)
  . Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol)
63 64
  . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
    CVE 2013-2110). (Stas)
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638
  . Fixed bug #64853 (Use of no longer available ini directives causes crash
    on TS build). (Anatol)
  . Fixed bug #64821 (Custom Exceptions crash when internal properties overridden).
      (Anatol)
  . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
  . Fixed bug #64677 (execution operator `` stealing surrounding arguments).
  . Fixed bug #64660 (Segfault on memory exhaustion within function definition).
    (Stas, reported by Juha Kylmänen)
  . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap:
    segfault). (Laruence)
  . Fixed bug #64565 (copy doesn't report failure on partial copy). (Remi)
  . Fixed bug #64555 (foreach no longer copies keys if they are interned).
    (Nikita Popov)
  . Fixed bugs #47675 and #64577 (fd leak on Solaris)
  . Fixed bug #64544 (Valgrind warnings after using putenv). (Laruence)
  . Fixed bug #64515 (Memoryleak when using the same variablename 2times in
    function declaration). (Laruence)
  . Fixed bug #64503 (Compilation fails with error: conflicting types for
    'zendparse'). (Laruence)
  . Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
    (Dmitry, Laruence)
  . Fixed bug #64523, allow XOR in php.ini. (Dejan Marjanovic, Lars)
  . Fixed bug #64354 (Unserialize array of objects whose class can't
    be autoloaded fail). (Laruence)
  . Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
    (Anatol)
  . Fixed bug #64166 (quoted-printable-encode stream filter incorrectly
    discarding whitespace). (Michael M Slusarz)
    (Laruence)
  . Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
  . Fixed bug #64135 (Exceptions from set_error_handler are not always
    propagated). (Laruence)
  . Fixed bug #63980 (object members get trimmed by zero bytes). (Laruence)
  . Fixed bug #63874 (Segfault if php_strip_whitespace has heredoc). (Pierrick)
  . Fixed bug #63830 (Segfault on undefined function call in nested generator).
    (Nikita Popov)
  . Fixed bug #63822 (Crash when using closures with ArrayAccess).
    (Nikita Popov)
  . Fixed bug #61681 (Malformed grammar). (Nikita Popov, Etienne, Laruence)
  . Fixed bug #61038 (unpack("a5", "str\0\0") does not work as expected).
    (srgoogleguy, Gustavo)
  . Fixed bug #61025 (__invoke() visibility not honored). (Laruence)
  . Fixed bug #60833 (self, parent, static behave inconsistently
    case-sensitive). (Stas, mario at include-once dot org)
  . Fixed Bug #52126: timestamp for mail.log (Martin Jansen, Lars)
  . Fixed bug #49348 (Uninitialized ++$foo->bar; does not cause a notice).
    (Stas)
  . Fixed Bug #23955: allow specifying Max-Age attribute in setcookie() (narfbg, Lars)
  . Fixed bug #18556 (Engine uses locale rules to handle class names). (Stas)
  . Fix undefined behavior when converting double variables to integers.
    The double is now always rounded towards zero, the remainder of its division
    by 2^32 or 2^64 (depending on sizeof(long)) is calculated and it's made
    signed assuming a two's complement representation. (Gustavo)
  . Drop support for bison < 2.4 when building PHP from GIT source.
    (Laruence)

- Apache2 Handler SAPI:
  . Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)

- Calendar:
  . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
  . Fixed bug #54254 (cal_from_jd returns month = 6 when there is only one Adar)
    (Stas, Eitan Mosenkis)

- CLI server:
  . Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)

- CURL:
  . Remove curl stream wrappers. (Pierrick)
  . Implemented FR #46439 - added CURLFile for safer file uploads.
    (Stas)
  . Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND,
    CURLOPT_DIRLISTONLY, CURLOPT_NEW_DIRECTORY_PERMS, CURLOPT_NEW_FILE_PERMS,
    CURLOPT_NETRC_FILE, CURLOPT_PREQUOTE, CURLOPT_KRBLEVEL, CURLOPT_MAXFILESIZE,
    CURLOPT_FTP_ACCOUNT, CURLOPT_COOKIELIST, CURLOPT_IGNORE_CONTENT_LENGTH,
    CURLOPT_CONNECT_ONLY, CURLOPT_LOCALPORT, CURLOPT_LOCALPORTRANGE,
    CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_SSL_SESSIONID_CACHE,
    CURLOPT_FTP_SSL_CCC, CURLOPT_HTTP_CONTENT_DECODING,
    CURLOPT_HTTP_TRANSFER_DECODING, CURLOPT_PROXY_TRANSFER_MODE,
    CURLOPT_ADDRESS_SCOPE, CURLOPT_CRLFILE, CURLOPT_ISSUERCERT,
    CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME,
    CURLOPT_PROXYPASSWORD, CURLOPT_NOPROXY, CURLOPT_SOCKS5_GSSAPI_NEC,
    CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOPT_TFTP_BLKSIZE,
    CURLOPT_SSH_KNOWNHOSTS, CURLOPT_FTP_USE_PRET, CURLOPT_MAIL_FROM,
    CURLOPT_MAIL_RCPT, CURLOPT_RTSP_CLIENT_CSEQ, CURLOPT_RTSP_SERVER_CSEQ,
    CURLOPT_RTSP_SESSION_ID, CURLOPT_RTSP_STREAM_URI, CURLOPT_RTSP_TRANSPORT,
    CURLOPT_RTSP_REQUEST, CURLOPT_RESOLVE, CURLOPT_ACCEPT_ENCODING,
    CURLOPT_TRANSFER_ENCODING, CURLOPT_DNS_SERVERS and CURLOPT_USE_SSL.
    (Pierrick)
  . Fixed bug #55635 (CURLOPT_BINARYTRANSFER no longer used. The constant
    still exists for backward compatibility but is doing nothing). (Pierrick)
  . Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support). (Pierrick)

- DateTime
  . Added DateTimeImmutable - a variant of DateTime that only returns the
    modified state instead of changing itself. (Derick)
  . Added new functions curl_escape, curl_multi_setopt, curl_multi_strerror
    curl_pause, curl_reset, curl_share_close, curl_share_init,
    curl_share_setopt curl_strerror and curl_unescape. (Pierrick)
  . Addes new curl options CURLOPT_TELNETOPTIONS, CURLOPT_GSSAPI_DELEGATION,
    CURLOPT_ACCEPTTIMEOUT_MS, CURLOPT_SSL_OPTIONS, CURLOPT_TCP_KEEPALIVE,
    CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL. (Pierrick)
  . Fixed bug #64825 (Invalid free when unserializing DateTimeZone).
    (Anatol)
  . Fixed bug #64359 (strftime crash with VS2012). (Anatol)
  . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
  . Fixed bug #61642 (modify("+5 weekdays") returns Sunday).
    (Dmitri Iouchtchenko)
  . Fixed bug #60774 (DateInterval::format("%a") is always zero when an
    interval is created using the createFromDateString method) (Lonny
    Kapelushnik, Derick)
  . Fixed bug #54567 (DateTimeZone serialize/unserialize) (Lonny
    Kapelushnik, Derick)
  . Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
    (Gustavo, Derick, Anatol)

- dba:
  . Bug #62489: dba_insert not working as expected.
    (marc-bennewitz at arcor dot de, Lars)

- Filter:
  . Implemented FR #49180 - added MAC address validation. (Martin)

- Fileinfo:
  . Upgraded libmagic to 5.14. (Anatol)
  . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
  . Fixed bug #63590 (Different results in TS and NTS under Windows).
    (Anatoliy)
  . Fixed bug #63248 (Load multiple magic files from a directory under Windows).
      (Anatoliy)

- FPM:
  . Add --with-fpm-systemd option to report health to systemd, and
    systemd_interval option to configure this. The service can now use
    Type=notify in the systemd unit file. (Remi)
  . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
  . Log a warning when a syscall fails. (Remi)
  . Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan)
  . Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi)
  . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
  . Fixed some possible memory or resource leaks and possible null dereference
    detected by code coverity scan. (Remi)

- GD:
  . Fixed Bug #64962 (imagerotate produces corrupted image). (Remi)
  . Fixed Bug #64961 (segfault in imagesetinterpolation). (Remi)
  . Fix build with system libgd >= 2.1 which is now the minimal
    version required (as build with previous version is broken).
    No change when bundled libgd is used.  (Ondrej Sury, Remi)

- Hash:
  . Added support for PBKDF2 via hash_pbkdf2(). (Anthony Ferrara)
  . Fixed Bug #64745 (hash_pbkdf2() truncates data when using default length
    and hex output). (Anthony Ferrara)

- Intl:
  . Added UConverter wrapper.
  . The intl extension now requires ICU 4.0+.
  . Added intl.use_exceptions INI directive, which controls what happens when
    global errors are set together with intl.error_level. (Gustavo)
  . MessageFormatter::format() and related functions now accepted named
    arguments and mixed numeric/named arguments in ICU 4.8+. (Gustavo)
  . MessageFormatter::format() and related functions now don't error out when
    an insufficient argument count is provided. Instead, the placeholders will
    remain unsubstituted. (Gustavo)
  . MessageFormatter::parse() and MessageFormat::format() (and their static
    equivalents) don't throw away better than second precision in the arguments.
    (Gustavo)
  . IntlDateFormatter::__construct and datefmt_create() now accept for the
    $timezone argument time zone identifiers, IntlTimeZone objects, DateTimeZone
    objects and NULL. (Gustavo)
  . IntlDateFormatter::__construct and datefmt_create() no longer accept invalid
    timezone identifiers or empty strings. (Gustavo)
  . The default time zone used in IntlDateFormatter::__construct and
    datefmt_create() (when the corresponding argument is not passed or NULL is
    passed) is now the one given by date_default_timezone_get(), not the
    default ICU time zone. (Gustavo)
  . The time zone passed to the IntlDateFormatter is ignored if it is NULL and
    if the calendar passed is an IntlCalendar object -- in this case, the
    IntlCalendar's time zone will be used instead. Otherwise, the time zone
    specified in the $timezone argument is used instead. This does not affect
    old code, as IntlCalendar was introduced in this version. (Gustavo)
  . IntlDateFormatter::__construct and datefmt_create() now accept for the
    $calendar argument also IntlCalendar objects. (Gustavo)
  . IntlDateFormatter::getCalendar() and datefmt_get_calendar() return false
    if the IntlDateFormatter was set up with an IntlCalendar instead of the
    constants IntlDateFormatter::GREGORIAN/TRADITIONAL. IntlCalendar did not
    exist before this version. (Gustavo)
  . IntlDateFormatter::setCalendar() and datefmt_set_calendar() now also accept
    an IntlCalendar object, in which case its time zone is taken. Passing a
    constant is still allowed, and still keeps the time zone. (Gustavo)
  . IntlDateFormatter::setTimeZoneID() and datefmt_set_timezone_id() are
    deprecated. Use IntlDateFormatter::setTimeZone() or datefmt_set_timezone()
    instead. (Gustavo)
  . IntlDateFormatter::format() and datefmt_format() now also accept an
    IntlCalendar object for formatting. (Gustavo)
  . Added the classes: IntlCalendar, IntlGregorianCalendar, IntlTimeZone,
    IntlBreakIterator, IntlRuleBasedBreakIterator and
    IntlCodePointBreakIterator. (Gustavo)
  . Added the functions: intlcal_get_keyword_values_for_locale(),
    intlcal_get_now(), intlcal_get_available_locales(), intlcal_get(),
    intlcal_get_time(), intlcal_set_time(), intlcal_add(),
    intlcal_set_time_zone(), intlcal_after(), intlcal_before(), intlcal_set(),
    intlcal_roll(), intlcal_clear(), intlcal_field_difference(),
    intlcal_get_actual_maximum(), intlcal_get_actual_minimum(),
    intlcal_get_day_of_week_type(), intlcal_get_first_day_of_week(),
    intlcal_get_greatest_minimum(), intlcal_get_least_maximum(),
    intlcal_get_locale(), intlcal_get_maximum(),
    intlcal_get_minimal_days_in_first_week(), intlcal_get_minimum(),
    intlcal_get_time_zone(), intlcal_get_type(),
    intlcal_get_weekend_transition(), intlcal_in_daylight_time(),
    intlcal_is_equivalent_to(), intlcal_is_lenient(), intlcal_is_set(),
    intlcal_is_weekend(), intlcal_set_first_day_of_week(),
    intlcal_set_lenient(), intlcal_equals(),
    intlcal_get_repeated_wall_time_option(),
    intlcal_get_skipped_wall_time_option(),
    intlcal_set_repeated_wall_time_option(),
    intlcal_set_skipped_wall_time_option(), intlcal_from_date_time(),
    intlcal_to_date_time(), intlcal_get_error_code(),
    intlcal_get_error_message(), intlgregcal_create_instance(),
    intlgregcal_set_gregorian_change(), intlgregcal_get_gregorian_change() and
    intlgregcal_is_leap_year(). (Gustavo)
  . Added the functions: intltz_create_time_zone(), intltz_create_default(),
    intltz_get_id(), intltz_get_gmt(), intltz_get_unknown(),
    intltz_create_enumeration(), intltz_count_equivalent_ids(),
    intltz_create_time_zone_id_enumeration(), intltz_get_canonical_id(),
    intltz_get_region(), intltz_get_tz_data_version(),
    intltz_get_equivalent_id(), intltz_use_daylight_time(), intltz_get_offset(),
    intltz_get_raw_offset(), intltz_has_same_rules(), intltz_get_display_name(),
    intltz_get_dst_savings(), intltz_from_date_time_zone(),
    intltz_to_date_time_zone(), intltz_get_error_code(),
    intltz_get_error_message(). (Gustavo)
  . Added the methods: IntlDateFormatter::formatObject(),
    IntlDateFormatter::getCalendarObject(), IntlDateFormatter::getTimeZone(),
    IntlDateFormatter::setTimeZone(). (Gustavo)
  . Added the functions: datefmt_format_object(), datefmt_get_calendar_object(),
    datefmt_get_timezone(), datefmt_set_timezone(),
    datefmt_get_calendar_object(), intlcal_create_instance(). (Gustavo)

- mbstring:
  . Fixed bug #64769 (mbstring PHPTs crash on Windows x64). (Anatol)

- MCrypt
  . mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb() and mcrypt_ofb() now throw
    E_DEPRECATED. (GoogleGuy)

- mysql
  . This extension is now deprecated, and deprecation warnings will be generated
    when connections are established to databases via mysql_connect(),
    mysql_pconnect(), or through implicit connection: use MySQLi or PDO_MySQL
    instead (https://wiki.php.net/rfc/mysql_deprecation). (Adam)
  . Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql.
    Known for stability problems. (Andrey)
  . Added support for SHA256 authentication available with MySQL 5.6.6+.
    (Andrey)

- mysqli:
  . Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented
    all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
    and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their
    respective OO counterparts. They work in libmysql and mysqlnd mode. (Andrey)
  . Added mysqli_savepoint(), mysqli_release_savepoint(). (Andrey)
  . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
    pointer has closed). (Laruence)
  . Fixed bug #64394 (MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS undeclared when
    using Connector/C). (Andrey)

- mysqlnd
  . Add new begin_transaction() call to the connection object. Implemented all
    options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
    and ROLLBACK. (Andrey)
  . Added mysqlnd_savepoint(), mysqlnd_release_savepoint(). (Andrey)
  . Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
    for stmt->param_bind). (Andrey)
  . Fixed return value of mysqli_stmt_affected_rows() in the time after
    prepare() and before execute(). (Andrey)

- PCRE:
  . Merged PCRE 8.32. (Anatol)
  . Deprecated the /e modifier
    (https://wiki.php.net/rfc/remove_preg_replace_eval_modifier). (Nikita Popov)
  . Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)

- PDO:
  . Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to 
    the same db server). (Laruence)

- PDO_DBlib:
  . Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib).
    (Stanley Sufficool)
  . Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley
    Sufficool)
  . Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed
    statement crashes). (Stanley Sufficool)

- PDO_pgsql:
  . Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)

- PDO_mysql:
  . Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT,
    TINYINT and YEAR). (Antony, Daniel Beardsley)

- pgsql:
  . Added pg_escape_literal() and pg_escape_identifier() (Yasuo)
  . Bug #46408: Locale number format settings can cause pg_query_params to
    break with numerics. (asmecher, Lars)

- Phar:
  . Fixed timestamp update on Phar contents modification. (Dmitry)

- Readline:
  . Implement FR #55694 (Expose additional readline variable to prevent
    default filename completion). (Hartmel)

- Reflection:
  . Fixed bug #64007 (There is an ability to create instance of Generator by
    hand). (Laruence)

- Sockets:
  . Added recvmsg() and sendmsg() wrappers. (Gustavo)
    See https://wiki.php.net/rfc/sendrecvmsg
  . Fixed bug #64508 (Fails to build with --disable-ipv6). (Gustavo)
  . Fixed bug #64287 (sendmsg/recvmsg shutdown handler causes segfault).
    (Gustavo)

- SPL:
  . Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on
    64-bits systems). (Laruence)
  . Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
  . Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
    (patch by kriss@krizalys.com, Laruence)
  . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
    (Nikita Popov)
  . Fix bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
    keys are strings). (Adam)
  . Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
    (Mike Willbanks)
  . Implement FR #48358 (Add SplDoublyLinkedList::add() to insert an element
    at a given offset). (Mark Baker, David Soria Parra)

- SNMP:
  . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
    (Boris Lytochkin)
  . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
  . Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)
  . Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
    (Boris Lytochkin)

- SOAP:
  . Added SoapClient constructor option 'ssl_method' to specify ssl method.
    (Eric Iversen)

- Streams:
  . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
    on Windows x64). (Anatol)
  . Fixed Windows x64 version of stream_socket_pair() and improved error
    handling. (Anatol Belski)

- Tokenizer:
  . Fixed bug #60097 (token_get_all fails to lex nested heredoc). (Nikita Popov)

- Zip:
  . Upgraded libzip to 0.10.1 (Anatoliy)
  . Bug #64452 (Zip crash intermittently). (Anatol)
  . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
    (Anatol)

06 Jun 2013, PHP 5.4.16

- Core:
  . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, 
    CVE 2013-2110). (Stas)
  . Fixed bug #64853 (Use of no longer available ini directives causes crash on
    TS build). (Anatol)
  . Fixed bug #64729 (compilation failure on x32). (Gustavo)
  . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
  . Fixed bug #64660 (Segfault on memory exhaustion within function definition).
    (Stas, reported by Juha Kylmänen)

- Calendar:
  . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)

- Fileinfo:
  . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)

- FPM:
  . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
  . Fixed some possible memory or resource leaks and possible null dereference
    detected by code coverity scan. (Remi)
  . Log a warning when a syscall fails. (Remi)
  . Add --with-fpm-systemd option to report health to systemd, and
    systemd_interval option to configure this. The service can now use
    Type=notify in the systemd unit file. (Remi)

- MySQLi
 . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
    pointer has closed). (Laruence)

- Phar
  . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or 
    with non std tmp dir). (Pierre)

- SNMP:
  . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
    (Boris Lytochkin)
  . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)

- Streams:
  . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
    on Windows x64). (Anatol)

- Zend Engine:
  . Fixed bug #64821 (Custom Exceptions crash when internal properties 
    overridden). (Anatol)

09 May 2013, PHP 5.4.15
- Core:
  . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap:
    segfault). (Laruence)
  . Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
  . Fixed bug #64433 (follow_location parameter of context is ignored for most
    response codes). (Sergey Akbarov)
  . Fixed bugs #47675 and #64577 (fd leak on Solaris)

- Fileinfo:
  . Upgraded libmagic to 5.14. (Anatol)

- MySQLi:
  . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
    pointer has closed). (Laruence)

- Zip:
  . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
    (Anatol)

- Streams:
  . Fixed Windows x64 version of stream_socket_pair() and improved error
    handling. (Anatol Belski)
  . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
    on Windows x64). (Anatol)

11 Apr 2013, PHP 5.4.14

- Core:
  . Fixed bug #64529 (Ran out of opcode space). (Dmitry)
  . Fixed bug #64515 (Memoryleak when using the same variablename two times in
    function declaration). (Laruence)
  . Fixed bug #64432 (more empty delimiter warning in strX methods). (Laruence)
  . Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error).
    (Dmitry)
  . Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
    (Anatol)
  . Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
    (Dmitry, Laruence)
  . Fixed bug #63976 (Parent class incorrectly using child constant in class
    property). (Dmitry)
  . Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle
    exceptions properly). (Jeff Welch)
  . Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)

- PCRE:
  . Merged PCRE 8.32. (Anatol)

- SNMP:
  . Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
	(Boris Lytochkin)

- Zip:
  . Bug #64452 (Zip crash intermittently). (Anatol)

14 Mar 2013, PHP 5.4.13

- Core:
  . Fixed bug #64354 (Unserialize array of objects whose class can't
    be autoloaded fail). (Laruence)
  . Fixed bug #64235 (Insteadof not work for class method in 5.4.11).
    (Laruence)
  . Fixed bug #64197 (_Offsetof() macro used but not defined on ARM/Clang).
    (Ard Biesheuvel)
  . Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
  . Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
  . Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry)

- CLI server:
  . Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)

- Mbstring:
  . mb_split() can now handle empty matches like preg_split() does. (Moriyoshi)

- mysqlnd
  . Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
    for stmt->param_bind). (Andrey)

- OpenSSL:
  . New SSL stream context option to prevent CRIME attack vector. (Daniel Lowrey,
	Lars)
  . Fixed bug #61930 (openssl corrupts ssl key resource when using
    openssl_get_publickey()). (Stas)

- PDO_mysql:
  . Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
    (Johannes)

- Phar:
  . Fixed timestamp update on Phar contents modification. (Dmitry)

- SOAP
  . Added check that soap.wsdl_cache_dir conforms to open_basedir
    (CVE-2013-1635). (Dmitry)
  . Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
    (Dmitry)

- Phar:
  . Fixed timestamp update on Phar contents modification. (Dmitry)

- SPL:
  . Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
  . Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
    (patch by kriss@krizalys.com, Laruence)
  . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
    (Nikita Popov)
  . Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
    (Mike Willbanks)

- SNMP:
  . Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)

21 Feb 2013, PHP 5.4.12

- Core:
  . Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
  . Fixed bug #64011 (get_html_translation_table() output incomplete with
    HTML_ENTITIES and ISO-8859-1). (Gustavo)
  . Fixed bug #63982 (isset() inconsistently produces a fatal error on
    protected property). (Stas)
  . Fixed bug #63943 (Bad warning text from strpos() on empty needle).
    (Laruence)
  . Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
  . Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very
    different length). (Gustavo)
  . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry)
  . Fixed bug #63462 (Magic methods called twice for unset protected
    properties). (Stas)
  . Fixed bug #62524 (fopen follows redirects for non-3xx statuses).
    (Wes Mason)
  . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars)

- Date:
  . Fixed bug #63699 (Performance improvements for various ext/date functions).
    (Lars, original patch by njaguar at gmail dot com)
  . Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV.
    (Derick)

- FPM:
  . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)

- Litespeed:
  . Fixed bug #63228 (-Werror=format-security error in lsapi code). (George)

- ext/sqlite3:
  . Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't
    using sqlite3_*_int64 API). (srgoogleguy, Lars)

- PDO_OCI
  . Fixed bug #57702 (Multi-row BLOB fetches). (hswong3i, Laruence)
  . Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long
    testsuite). (hswong3i, Lars)

- PDO_sqlite:
  . Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even
    on 64bit builds in pdo_sqlite). (srgoogleguy, Lars)

17 Jan 2013, PHP 5.4.11

- Core:
  . Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).
    (Johannes)
  . Fixed bug #43177 (Errors in eval()'ed code produce status code 500).
    (Todd Ruth, Stas).

- Filter:
  . Fixed bug #63757 (getenv() produces memory leak with CGI SAPI). (Dmitry)
  . Fixed bug #54096 (FILTER_VALIDATE_INT does not accept +0 and -0).
    (martin at divbyzero dot net, Lars)

- JSON:
  . Fixed bug #63737 (json_decode does not properly decode with options
    parameter). (Adam)

- CLI server
  . Update list of common mime types. Added webm, ogv, ogg. (Lars,
    pascalc at gmail dot com)

- cURL extension:
  . Fixed bug (segfault due to libcurl connection caching). (Pierrick)
  . Fixed bug #63859 (Memory leak when reusing curl-handle). (Pierrick)
  . Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for
    CURLOPT_SSL_VERIFYHOST). (Pierrick)
  . Fixed bug #63352 (Can't enable hostname validation when using curl stream
    wrappers). (Pierrick)
  . Fixed bug #55438 (Curlwapper is not sending http header randomly).
    (phpnet@lostreality.org, Pierrick)

20 Dec 2012, PHP 5.4.10

- Core:
  . Fixed bug #63726 (Memleak with static properties and internal/user
    classes). (Laruence)
  . Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
  . Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes
    from value). (Pierrick)
  . Fixed bug #63468 (wrong called method as callback with inheritance).
    (Laruence)
  . Fixed bug #63451 (config.guess file does not have AIX 7 defined,
    shared objects are not created). (kemcline at au1 dot ibm dot com)
  . Fixed bug #61557 (Crasher in tt-rss backend.php).
    (i dot am dot jack dot mail at gmail dot com)
  . Fixed bug #61272 (ob_start callback gets passed empty string).
    (Mike, casper at langemeijer dot eu)

- Date:
  . Fixed bug #63666 (Poor date() performance). (Paul Taulborg).
  . Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).
    (Remi)

- Imap:
  . Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi)

- Json:
  . Fixed bug #63588 (use php_next_utf8_char and remove duplicate
    implementation). (Remi)

- MySQLi:
  . Fixed bug #63361 (missing header). (Remi)

- MySQLnd:
  . Fixed bug #63398 (Segfault when polling closed link). (Laruence)

- Fileinfo:
  . Fixed bug #63590 (Different results in TS and NTS under Windows).
    (Anatoliy)

- FPM:
  . Fixed bug #63581 Possible null dereference and buffer overflow (Remi)

- Pdo_sqlite:
  . Fixed Bug #63149 getColumnMeta should return the table name
    when system SQLite used. (Remi)

- Apache2 Handler SAPI:
  . Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)

- Reflection:
  . Fixed Bug #63614 (Fatal error on Reflection). (Laruence)

- SOAP
  . Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).
    (John Jawed, Dmitry)

- Sockets
  . Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()).
    (Igor Wiedler, Lars)

- SPL
  . Fixed bug #63680 (Memleak in splfixedarray with cycle reference). (Laruence)

22 Nov 2012, PHP 5.4.9

- Core:
  . Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence)
  . Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
    (Tony, Andrew Sitnikov)
  . Fixed bug #63241 (PHP fails to open Windows deduplicated files).
    (daniel dot stelter-gliese at innogames dot de)
  . Fixed bug #62444 (Handle leak in is_readable on windows).
    (krazyest at seznam dot cz)

- Curl:
  . Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).
    Patch by John Jawed GitHub PR #221 (Anthony)

- Fileinfo:
  . Fixed bug #63248 (Load multiple magic files from a directory under Windows).
    (Anatoliy)

- Libxml
  . Fixed bug #63389 (Missing context check on libxml_set_streams_context()
    causes memleak). (Laruence)

- Mbstring:
  . Fixed bug #63447 (max_input_vars doesn't filter variables when
    mbstring.encoding_translation = On). (Laruence)

- OCI8:
  . Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
    (Chris Jones)

- PCRE:
  . Fixed bug #63180 (Corruption of hash tables). (Dmitry)
  . Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
    (Dmitry, Laruence)
  . Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)

- PDO:
  . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
    (Martin Osvald, Remi)

- PDO_pgsql:
  . Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
    (Will Fitch)

- Phar:
  . Fixed bug #63297 (Phar fails to write an openssl based signature).
    (Anatoliy)

- Streams:
  . Fixed bug #63240 (stream_get_line() return contains delimiter string).
    (Tjerk, Gustavo)

- Reflection:
  . Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves
    traitnames). (Laruence)

18 Oct 2012, PHP 5.4.8

- CLI server:
  . Implemented FR #63242 (Default error page in PHP built-in web server uses
    outdated html/css). (pascal.chevrel@free.fr)
  . Changed response to unknown HTTP method to 501 according to RFC.
    (Niklas Lindgren).
  . Support HTTP PATCH method. Patch by Niklas Lindgren, GitHub PR #190.
    (Lars)

- Core:
  . Fixed bug #63219 (Segfault when aliasing trait method when autoloader
    throws excpetion). (Laruence)
  . Added optional second argument for assert() to specify custom message. Patch
    by Lonny Kapelushnik (lonny@lonnylot.com). (Lars)
  . Support building PHP with the native client toolchain. (Stuart Langley)
  . Added --offline option for tests. (Remi)
  . Fixed bug #63162 (parse_url does not match password component). (husman)
  . Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry)
  . Fixed bug #63093 (Segfault while load extension failed in zts-build).
    (Laruence)
  . Fixed bug #62976 (Notice: could not be converted to int when comparing
    some builtin classes). (Laruence)
  . Fixed bug #62955 (Only one directive is loaded from "Per Directory Values"
    Windows registry). (aserbulov at parallels dot com)
  . Fixed bug #62907 (Double free when use traits). (Dmitry)
  . Fixed bug #61767 (Shutdown functions not called in certain error
    situation). (Dmitry)
  . Fixed bug #60909 (custom error handler throwing Exception + fatal error
    = no shutdown function). (Dmitry)
  . Fixed bug #60723 (error_log error time has changed to UTC ignoring default
    timezone). (Laruence)

- cURL:
  . Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will
    cause cpu Soaring). (Pierrick)

- Date:
  . Fixed bug #62896 ("DateTime->modify('+0 days')" modifies DateTime object)
    (Lonny Kapelushnik)
  . Fixed bug #62561 (DateTime add 'P1D' adds 25 hours). (Lonny Kapelushnik)

- DOM:
  . Fixed bug #63015 (Incorrect arginfo for DOMErrorHandler). (Rob)

- FPM:
  . Fixed bug #62954 (startup problems fpm / php-fpm). (fat)
  . Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat)
  . Fixed bug #63085 (Systemd integration and daemonize). (remi, fat)
  . Fixed bug #62947 (Unneccesary warnings on FPM). (fat)
  . Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat)
  . Fixed bug #62216 (Add PID to php-fpm init.d script). (fat)

- OCI8:
  . Fixed bug #60901 (Improve "tail" syntax for AIX installation) (Chris Jones)

- OpenSSL:
  . Implemented FR #61421 (OpenSSL signature verification missing RMD160,
    SHA224, SHA256, SHA384, SHA512). (Mark Jones)

- PDO:
  . Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link,
    DBQUOTEDIDENT, 1)). (Laruence)
  . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
    (Martin Osvald, Remi)

- PDO Firebird:
  . Fixed bug #63214 (Large PDO Firebird Queries).
    (james at kenjim dot com)

- SOAP
  . Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).
    (Dmitry)

- SPL:
  . Bug #62987 (Assigning to ArrayObject[null][something] overrides all
    undefined variables). (Laruence)

- mbstring:
  . Allow passing null as a default value to mb_substr() and mb_strcut(). Patch
    by Alexander Moskaliov via GitHub PR #133. (Lars)

- Filter extension:
  . Bug #49510: Boolean validation fails with FILTER_NULL_ON_FAILURE with empty
    string or false. (Lars)

- Sockets
  . Fixed bug #63000 (MCAST_JOIN_GROUP on OSX is broken, merge of PR 185 by
    Igor Wiedler). (Lars)

13 Sep 2012, PHP 5.4.7

- Core:
  . Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence)
  . Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds).
  . Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not
    set). (Felipe)
  . Fixed bug #62763 (register_shutdown_function and extending class).
    (Laruence)
  . Fixed bug #62725 (Calling exit() in a shutdown function does not return
    the exit value). (Laruence)
  . Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
  . Fixed bug #62716 (munmap() is called with the incorrect length).
    (slangley@google.com)
  . Fixed bug #62358 (Segfault when using traits a lot). (Laruence)
  . Fixed bug #62328 (implementing __toString and a cast to string fails)
    (Laruence)
  . Fixed bug #51363 (Fatal error raised by var_export() not caught by error
    handler). (Lonny Kapelushnik)
  . Fixed bug #40459 (Stat and Dir stream wrapper methods do not call
    constructor). (Stas)

- CURL:
  . Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed).
	(Pierrick)
  . Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick)

- Intl:
  . Fixed Spoofchecker not being registered on ICU 49.1. (Gustavo)
  . Fix bug #62933 (ext/intl compilation error on icu 3.4.1). (Gustavo)
  . Fix bug #62915 (defective cloning in several intl classes). (Gustavo)

- Installation:
  . Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia)

- PCRE:
  . Fixed bug #55856 (preg_replace should fail on trailing garbage).
    (reg dot php at alf dot nu)

- PDO:
  . Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence)

- Reflection:
  . Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing
    trait methods as private). (Felipe)
  . Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong
    result). (Laruence)

- Session:
  . Fixed bug (segfault due to retval is not initialized). (Laruence)
  . Fixed bug (segfault due to PS(mod_user_implemented) not be reseted
    when close handler call exit). (Laruence)

- SOAP
  . Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).
    (Dmitry)

- SPL:
  . Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
    (Laruence)
  . Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence)

- Standard:
  . Fixed bug #62836 (Seg fault or broken object references on unserialize()).
    (Laruence)

- FPM:
  . Merged PR 121 by minitux to add support for slow request counting on PHP
    FPM status page. (Lars)

16 Aug 2012, PHP 5.4.6

- CLI Server:
  . Implemented FR #62700 (have the console output 'Listening on
    http://localhost:8000'). (pascal.chevrel@free.fr)

- Core:
  . Fixed bug #62661 (Interactive php-cli crashes if include() is used in
    auto_prepend_file). (Laruence)
  . Fixed bug #62653: (unset($array[$float]) causes a crash). (Nikita Popov,
    Laruence)
  . Fixed bug #62565 (Crashes due non-initialized internal properties_table).
    (Felipe)
  . Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
    with run-test.php). (Laruence)

- CURL:
  . Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
    (r.hampartsumyan@gmail.com, Laruence)

- DateTime:
  . Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence)

- Fileinfo:
  . Fixed bug #61964 (finfo_open with directory causes invalid free).
    (reeze.xia@gmail.com)

- Intl:
  . Fixed bug #62564 (Extending MessageFormatter and adding property causes
    crash). (Felipe)

- MySQLnd:
  . Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode). (Laruence)

- readline:
  . Fixed bug #62612 (readline extension compilation fails with
    sapi/cli/cli.h: No such file). (Johannes)

- Reflection:
  . Implemented FR #61602 (Allow access to name of constant used as default
    value). (reeze.xia@gmail.com)

- SimpleXML:
  . Implemented FR #55218 Get namespaces from current node. (Lonny)

- SPL:
  . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance
    gives Segmentation fault). (Laruence, Gustavo)
  . Fixed bug #61527 (ArrayIterator gives misleading notice on next() when
    moved to the end). (reeze.xia@gmail.com)

- Streams:
  . Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).
    (Laruence)

- Zlib:
  . Fixed bug #55544 (ob_gzhandler always conflicts with
    zlib.output_compression). (Laruence)

19 Jul 2012, PHP 5.4.5

- Core:
  . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed
    Salt). (Anthony Ferrara)
  . Fixed bug #62432 (ReflectionMethod random corrupt memory on high
    concurrent). (Johannes)
  . Fixed bug #62373 (serialize() generates wrong reference to the object).
    (Moriyoshi)
  . Fixed bug #62357 (compile failure: (S) Arguments missing for built-in
    function __memcmp). (Laruence)
  . Fixed bug #61998 (Using traits with method aliases appears to result in
    crash during execution). (Dmitry)
  . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that
    includes a semi-colon). (Pierrick)
  . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688).
    (Jason Powell, Stas)

- EXIF:
  . Fixed information leak in ext exif (discovered by Martin Noga,
    Matthew "j00ru" Jurczyk, Gynvael Coldwind)

- FPM:
  . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat)
  . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat)
  . Fixed bug #62153 (when using unix sockets, multiples FPM instances
  . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start).
    (fat)
  . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat)
  . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat)
  . Fixed bug #61295 (php-fpm should not fail with commented 'user'
  . Fixed bug #61218 (FPM drops connection while receiving some binary values
    in FastCGI requests). (fat)
  . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat)
    for non-root start). (fat)
  . Fixed bug #61026 (FPM pools can listen on the same address). (fat)
    can be launched without errors). (fat)

- Iconv:
  . Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas)

- Intl:
  . Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo)
  . ResourceBundle constructor now accepts NULL for the first two arguments.
    (Gustavo)
  . Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called
    twice). (Gustavo)
  . Fixed bug #62070 (Collator::getSortKey() returns garbage). (Gustavo)
  . Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks
    pattern). (Gustavo)
  . Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo)

- JSON:
  . Fixed bug #61359 (json_encode() calls too many reallocs). (Stas)

- libxml:
  . Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM
    SAPI). (Gustavo)

- Phar:
  . Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe)

- Readline:
  . Fixed bug #62186 (readline fails to compile - void function should not
    return a value). (Johannes)

- Reflection:
  . Fixed bug #62384 (Attempting to invoke a Closure more than once causes
    segfault). (Felipe)
  . Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks
    with constant). (Laruence)

- Sockets:
  . Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe)

- SPL:
  . Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to
    dot files). (Laruence)
  . Fixed bug #62262 (RecursiveArrayIterator does not implement Countable).
    (Nikita Popov)

- XML Writer:
  . Fixed bug #62064 (memory leak in the XML Writer module).
    (jean-pierre dot lozi at lip6 dot fr)

- Zip:
  . Upgraded libzip to 0.10.1 (Anatoliy)

14 Jun 2012, PHP 5.4.4

- COM:
  . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)

- CLI Server:
  . Implemented FR #61977 (Need CLI web-server support for files with .htm &
    svg extensions). (Sixd, Laruence)
  . Improved performance while sending error page, this also fixed
    bug #61785 (Memory leak when access a non-exists file without router).
    (Laruence)
  . Fixed bug #61546 (functions related to current script failed when chdir()
    in cli sapi). (Laruence, reeze.xia@gmail.com)

- Core:
  . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
  . Fixed CVE-2012-2143. (Solar Designer)
  . Fixed bug #62097 (fix for for bug #54547). (Gustavo)
  . Fixed bug #62005 (unexpected behavior when incrementally assigning to a
    member of a null object). (Laruence)
  . Fixed bug #61978 (Object recursion not detected for classes that implement
    JsonSerializable). (Felipe)
  . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
  . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config).
    (Laruence)
  . Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy)
  . Fixed bug #61782 (__clone/__destruct do not match other methods when checking
    access controls). (Stas)
  . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo)
  . Fixed bug #61761 ('Overriding' a private static method with a different
    signature causes crash). (Laruence)
  . Fixed bug #61730 (Segfault from array_walk modifying an array passed by
    reference). (Laruence)
  . Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown
    phase). (Laruence)
  . Fixed bug #61713 (Logic error in charset detection for htmlentities).
    (Anatoliy)
  . Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov)
  . Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables
    (without apache2)). (Laruence)
  . Fixed bug #61605 (header_remove() does not remove all headers). (Laruence)
  . Fixed bug #54547 (wrong equality of string numbers). (Gustavo)
  . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
    set to null). (Anatoliy)
  . Changed php://fd to be available only for CLI.

- CURL:
  . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
    (Laruence)

- Fileinfo
  . Fixed bug #61812 (Uninitialised value used in libmagic).
    (Laruence, Gustavo)
  . Fixed bug #61566 failure caused by the posix lseek and read versions
    under windows in cdf_read(). (Anatoliy)
  . Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a
    directory descriptor under windows. (Anatoliy)

- Intl
  . Fixed bug #62082 (Memory corruption in internal function
    get_icu_disp_value_src_php()). (Gustavo)

- Libxml:
  . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)).
    (Laruence)

- PDO:
  . Fixed bug #61755 (A parsing bug in the prepared statements can lead to
    access violations). (Johannes)

- Phar:
  . Fixed bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus)

- Pgsql:
  . Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki)

- Streams:
  . Fixed bug #61961 (file_get_contents leaks when access empty file with
    maxlen set). (Reeze)

- Zlib:
  . Fixed bug #61820 (using ob_gzhandler will complain about headers already
    sent when no compression). (Mike)
  . Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
  . Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike)

08 May 2012, PHP 5.4.3

- CGI
  . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
    (Stas)
  . Fix bug #61807 - Buffer Overflow in apache_request_headers.
    (nyt-php at countercultured dot net).

03 May 2012, PHP 5.4.2

- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)

26 Apr 2012, PHP 5.4.1

- CLI Server:
  . Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
  . Implemented FR #60850 (Built in web server does not set
    $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
  . "Connection: close" instead of "Connection: closed" (Gustavo)

- Core:
  . Fixed crash in ZTS using same class in many threads. (Johannes)
  . Fixed bug #61374 (html_entity_decode tries to decode code points that don't
    exist in ISO-8859-1). (Gustavo)
  . Fixed bug #61273 (call_user_func_array with more than 16333 arguments
    leaks / crashes). (Laruence)
  . Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>). (Pierrick)
  . Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
  . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita
    Popov)
  . Fixed bug #61087 (Memory leak in parse_ini_file when specifying
    invalid scanner mode). (Nikic, Laruence)
  . Fixed bug #61072 (Memory leak when restoring an exception handler).
    (Nikic, Laruence)
  . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
    (Laruence)
  . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan)
  . Fixed bug #61011 (Crash when an exception is thrown by __autoload
    accessing a static property). (Laruence)
  . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
    vars). (Laruence)
  . Fixed bug #60978 (exit code incorrect). (Laruence)
  . Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
  . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
  . Fixed bug #60717 (Order of traits in use statement can cause a fatal
    error). (Stefan)
  . Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
    (Laruence)
  . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
  . Fixed bug #52719 (array_walk_recursive crashes if third param of the
    function is by reference). (Nikita Popov)
  . Improve performance of set_exception_handler while doing reset (Laruence)

- fileinfo:
  . Fix fileinfo test problems. (Anatoliy Belsky)

- FPM
  . Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c).
    (michaelhood at gmail dot com, Ilia)

- Ibase
  . Fixed bug #60947 (Segmentation fault while executing ibase_db_info).
    (Ilia)

- Installation
  . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)

- Intl:
  . Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos).
    (Stas)

- mbstring:
  . MFH mb_ereg_replace_callback() for security enhancements. (Rui)

- mysqli
  . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).

- mysqlnd
  . Fixed bug #61704 (Crash apache, phpinfo() threading issue). (Johannes)
  . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
    (Johannes)

- PDO
  . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO
    object). (Laruence)

- PDO_mysql
  . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
    always work). (Johannes)
  . Fixed bug #61194 (PDO should export compression flag with myslqnd).
    (Johannes)

- PDO_odbc
  . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)

- Phar
  . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
    bytes). (Nikita Popov)

- Readline:
  . Fixed bug #61088 (Memory leak in readline_callback_handler_install).
    (Nikic, Laruence)

- Reflection:
  . Implemented FR #61602 (Allow access to the name of constant
    used as function/method parameter's default value). (reeze.xia@gmail.com)
  . Fixed bug #60968 (Late static binding doesn't work with
    ReflectionMethod::invokeArgs()). (Laruence)

- Session
  . Fixed bug #60634 (Segmentation fault when trying to die() in
    SessionHandler::write()). (Ilia)

- SOAP
  . Fixed bug #61423 (gzip compression fails). (Ilia)
  . Fixed bug #60887 (SoapClient ignores user_agent option and sends no
    User-Agent header). (carloschilazo at gmail dot com)
  . Fixed bug #60842, #51775 (Chunked response parsing error when
    chunksize length line is > 10 bytes). (Ilia)
  . Fixed bug #49853 (Soap Client stream context header option ignored).
    (Dmitry)

- SPL:
  . Fixed bug #61453 (SplObjectStorage does not identify objects correctly).
    (Gustavo)
  . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)

- Standard:
  . Fixed memory leak in substr_replace. (Pierrick)
  . Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
  . Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
  . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
  . Fixed bug #60106 (stream_socket_server silently truncates long unix socket
    paths). (Ilia)

- XMLRPC:
  . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
    variable). (Nikita Popov)
  . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
    Popov)

- Zlib:
  . Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo)
  . Fixed bug #61287 (A particular string fails to decompress). (Mike)
  . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov)

01 Mar 2012, PHP 5.4.0

- Installation:
  . autoconf 2.59+ is now supported (and required) for generating the
    configure script with ./buildconf. Autoconf 2.60+ is desirable
    otherwise the configure help order may be incorrect.  (Rasmus, Chris Jones)

- Removed legacy features:
  . break/continue $var syntax. (Dmitry)
  . Safe mode and all related php.ini options. (Kalle)
  . register_globals and register_long_arrays php.ini options. (Kalle)
  . import_request_variables(). (Kalle)
  . allow_call_time_pass_reference. (Pierrick)
  . define_syslog_variables php.ini option and its associated function. (Kalle)
  . highlight.bg php.ini option. (Kalle)
  . safe_mode, safe_mode_gid, safe_mode_include_dir,
    safe_mode_exec_dir, safe_mode_allowed_env_vars and
    safe_mode_protected_env_vars php.ini options.
  . zend.ze1_compatibility_mode php.ini option.
  . Session bug compatibility mode (session.bug_compat_42 and
    session.bug_compat_warn php.ini options). (Kalle)
  . session_is_registered(), session_register() and session_unregister()
    functions. (Kalle)
  . y2k_compliance php.ini option. (Kalle)
  . magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
    php.ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
    but always return false, set_magic_quotes_runtime raises an
    E_CORE_ERROR. (Pierrick, Pierre)
  . Removed support for putenv("TZ=..") for setting the timezone. (Derick)
  . Removed the timezone guessing algorithm in case the timezone isn't set with
    date.timezone or date_default_timezone_set(). Instead of a guessed
    timezone, "UTC" is now used instead. (Derick)

- Moved extensions to PECL:
  . ext/sqlite.  (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
    not affected) (Johannes)

- General improvements:
  . Added short array syntax support ([1,2,3]), see UPGRADING guide for full
    details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com,
    Pierre)
  . Added binary number format (0b001010). (Jonah dot Harris at gmail dot com)
  . Added support for Class::{expr}() syntax (Pierrick)
  . Added multibyte support by default. Previously PHP had to be compiled
    with --enable-zend-multibyte.  Now it can be enabled or disabled through
    the zend.multibyte directive in php.ini. (Dmitry)
  . Removed compile time dependency from ext/mbstring (Dmitry)
  . Added support for Traits. (Stefan, with fixes by Dmitry and Laruence)
  . Added closure $this support back. (Stas)
  . Added array dereferencing support. (Felipe)
  . Added callable typehint. (Hannes)
  . Added indirect method call through array. FR #47160. (Felipe)
  . Added DTrace support. (David Soria Parra)
  . Added class member access on instantiation (e.g. (new foo)->bar()) support.
    (Felipe)
  . <?= is now always available regardless of the short_open_tag setting. (Rasmus)
  . Implemented Zend Signal Handling (configurable option --enable-zend-signals,
    off by default). (Lucas Nealan, Arnaud Le Blanc, Brian Shire, Ilia)
  . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
  . Improved UNIX build system to allow building multiple PHP binary SAPIs and
    one SAPI module the same time. FR #53271, FR #52419. (Jani)
  . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
  . Improved the warning message of incompatible arguments. (Laruence)
  . Improved ternary operator performance when returning arrays. (Arnaud, Dmitry)
  . Changed error handlers to only generate docref links when the docref_root
    php.ini setting is not empty. (Derick)
  . Changed silent conversion of array to string to produce a notice. (Patrick)
  . Changed default encoding from ISO-8859-1 to UTF-8 when not specified in
    htmlspecialchars and htmlentities. (Rasmus)
  . Changed casting of null/''/false into an Object when adding a property
    from E_STRICT into a warning. (Scott)
  . Changed E_ALL to include E_STRICT. (Stas)
  . Disabled Windows CRT warning by default, can be enabled again using the
    php.ini directive windows_show_crt_warnings. (Pierre)
  . Fixed bug #55378: Binary number literal returns float number though its
    value is small enough. (Derick)

- Improved Zend Engine memory usage: (Dmitry)
  . Improved parse error messages. (Felipe)
  . Replaced zend_function.pass_rest_by_reference by
    ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
  . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
    in zend_function.fn_flags.
  . Removed zend_arg_info.required_num_args as it was only needed for internal
    functions. Now the first arg_info for internal functions (which has special
    meaning) is represented by the zend_internal_function_info structure.
  . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
    backpatch_count into CG(context) as they are used only during compilation.
  . Moved zend_op_array.start_op into EG(start_op) as it's used only for
    'interactive' execution of a single top-level op-array.
  . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
    zend_op_array.fn_flags.
  . op_array.vars array is trimmed (reallocated) during pass_two.
  . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
    in zend_class_entry.ce_flags.
  . Reduced the size of zend_class_entry by sharing the same memory space
    by different information for internal and user classes.
    See zend_class_entry.info union.
  . Reduced size of temp_variable.

- Improved Zend Engine - performance tweaks and optimizations: (Dmitry)
  . Inlined most probable code-paths for arithmetic operations directly into
    executor.
  . Eliminated unnecessary iterations during request startup/shutdown.
  . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
    (this may affect opcode caches!)
  . Improved performance of @ (silence) operator.
  . Simplified string offset reading. Given $str="abc" then $str[1][0] is now
    a legal construct.
  . Added caches to eliminate repeatable run-time bindings of functions,
    classes, constants, methods and properties.
  . Added concept of interned strings. All strings constants known at compile
    time are allocated in a single copy and never changed.
  . ZEND_RECV now always has IS_CV as its result.
  . ZEND_CATCH now has to be used only with constant class names.
  . ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
  . Simplified ZEND_FETCH_*_R operations. They can't be used with the
    EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
    ZEND_FREE might be required after them instead.
  . Split ZEND_RETURN into two new instructions ZEND_RETURN and
    ZEND_RETURN_BY_REF.
  . Optimized access to global constants using values with pre-calculated
    hash_values from the literals table.
  . Optimized access to static properties using executor specialization.
    A constant class name may be used as a direct operand of ZEND_FETCH_*
    instruction without previous ZEND_FETCH_CLASS.
  . zend_stack and zend_ptr_stack allocation is delayed until actual usage.

- Other improvements to Zend Engine:
  . Added an optimization which saves memory and emalloc/efree calls for empty
    HashTables. (Stas, Dmitry)
  . Added ability to reset user opcode handlers (Yoram).
  . Changed the structure of op_array.opcodes. The constant values are moved from
    opcode operands into a separate literal table. (Dmitry)
  . Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
    (Dmitry)

- Improved core functions:
  . Enforce an extended class' __construct arguments to match the
    abstract constructor in the base class.
  . Disallow reusing superglobal names as parameter names.
  . Added optional argument to debug_backtrace() and debug_print_backtrace()
    to limit the amount of stack frames returned. (Sebastian, Patrick)
  . Added hex2bin() function. (Scott)
  . number_format() no longer truncates multibyte decimal points and thousand
    separators to the first byte. FR #53457. (Adam)
  . Added support for object references in recursive serialize() calls.
    FR #36424. (Mike)
  . Added support for SORT_NATURAL and SORT_FLAG_CASE in array
    sort functions (sort, rsort, ksort, krsort, asort, arsort and
    array_multisort). FR#55158 (Arpad)
  . Added stream metadata API support and stream_metadata() stream class
    handler. (Stas)
  . User wrappers can now define a stream_truncate() method that responds
    to truncation, e.g. through ftruncate(). FR #53888. (Gustavo)
  . Improved unserialize() performance.
    (galaxy dot mipt at gmail dot com, Kalle)
  . Changed array_combine() to return empty array instead of FALSE when both
    parameter arrays are empty. FR #34857. (joel.perras@gmail.com)
  . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
  . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
    $double=false). (Gustavo)
  . Fixed bug #60895 (Possible invalid handler usage in windows random
    functions). (Pierre)
  . Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
    (Pierre, Steve)
  . Fixed bug #60825 (Segfault when running symfony 2 tests).
    (Dmitry, Laruence)
  . Fixed bug #60627 (httpd.worker segfault on startup with php_value).
  . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
  . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
    (Laruence)
  . Fixed bug #60558 (Invalid read and writes). (Laruence)
  . Fixed bug #60444 (Segmentation fault with include & class extending).
    (Laruence, Dmitry).
  . Fixed bug #60362 (non-existent sub-sub keys should not have values).
    (Laruence, alan_k, Stas)
  . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
    (php at mickweiss dot com)
  . Fixed bug #60321 (ob_get_status(true) no longer returns an array when
    buffer is empty). (Pierrick)
  . Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
    (Laruence)
  . Fixed bug #60240 (invalid read/writes when unserializing specially crafted
    strings). (Mike)
  . Fixed bug #60227 (header() cannot detect the multi-line header with
     CR(0x0D)). (rui)
  . Fixed bug #60174 (Notice when array in method prototype error).
    (Laruence)
  . Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
    (Laruence)
  . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)
    (klightspeed at netspace dot net dot au)
  . Fixed bug #55871 (Interruption in substr_replace()). (Stas)
  . Fixed bug #55801 (Behavior of unserialize has changed). (Mike)
  . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
  . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
    (CVE-2011-4153). (Stas)
  . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
    (Pierre)
  . Fixed bug #55084 (Function registered by header_register_callback is
    called only once per process). (Hannes)
  . Implement FR #54514 (Get php binary path during script execution).
    (Laruence)
  . Fixed bug #52211 (iconv() returns part of string on error). (Felipe)
  . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)

- Improved generic SAPI support:
  . Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision.
    (Patrick)
  . Added header_register_callback() which is invoked immediately
    prior to the sending of headers and after default headers have
    been added. (Scott)
  . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
  . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
    (CVE-2012-1172). (Stas)
  . Fixed bug #54374 (Insufficient validating of upload name leading to
    corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail dot com)

- Improved CLI SAPI:
  . Added built-in web server that is intended for testing purpose.
    (Moriyoshi, Laruence, and fixes by Pierre, Derick, Arpad,
    chobieee at gmail dot com)
  . Added command line option --rz <name> which shows information of the
    named Zend extension. (Johannes)
  . Interactive readline shell improvements: (Johannes)
    . Added "cli.pager" php.ini setting to set a pager for output.
    . Added "cli.prompt" php.ini setting to configure the shell prompt.
    . Added shortcut #inisetting=value to change php.ini settings at run-time.
    . Changed shell not to terminate on fatal errors.
    . Interactive shell works with shared readline extension. FR #53878.

- Improved CGI/FastCGI SAPI: (Dmitry)
  . Added apache compatible functions: apache_child_terminate(),
    getallheaders(), apache_request_headers() and apache_response_headers()
  . Improved performance of FastCGI request parsing.
  . Fixed reinitialization of SAPI callbacks after php_module_startup().
    (Dmitry)

- Improved PHP-FPM SAPI:
  . Removed EXPERIMENTAL flag. (fat)
  . Fixed bug #60659 (FPM does not clear auth_user on request accept).
    (bonbons at linux-vserver dot org)

- Improved Litespeed SAPI:
  . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)

- Improved Date extension:
  . Added the + modifier to parseFromFormat to allow trailing text in the
    string to parse without throwing an error. (Stas, Derick)

- Improved DBA extension:
  . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
  . Added Berkeley DB 5 support. (Johannes, Chris Jones)

- Improved DOM extension:
  . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com)

- Improved filesystem functions:
  . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
    FR #53407. (Adam)

- Improved HASH extension:
  . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
  . Added FNV-1 hash support. (Michael Maclean)
  . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)
  . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
  . Fixed bug #60221 (Tiger hash output byte order) (Mike)

- Improved intl extension:
  . Added Spoofchecker class, allows checking for visibly confusable characters and
    other security issues. (Scott)
  . Added Transliterator class, allowing transliteration of strings.
    (Gustavo)
  . Added support for UTS #46. (Gustavo)
  . Fixed build on Fedora 15 / Ubuntu 11. (Hannes)
  . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)

- Improved JSON extension:
  . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
    (Alexander, Gwynne)
  . Added JsonSerializable interface. (Sara)
  . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
    (Sara)
  . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
    numeric strings to integers. (Ilia)
  . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)
  . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)

- Improved LDAP extension:
  . Added paged results support. FR #42060. (ando@OpenLDAP.org,
    iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com)

- Improved mbstring extension:
  . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
  . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
    support. (Rui)
  . Ill-formed UTF-8 check for security enhancements. (Rui)
  . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
  . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
  . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
    support. (Rui)
  . Added the user defined area for CP936 and CP950 (Rui).
  . Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
    (Laruence)

- Improved MySQL extensions:
  . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
  . mysqlnd: Added named pipes support. FR #48082. (Andrey)
  . MySQLi: Added iterator support in MySQLi. mysqli_result implements
    Traversable. (Andrey, Johannes)
  . PDO_mysql: Removed support for linking with MySQL client libraries older
    than 4.1. (Johannes)
  . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)
  . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect).
    (Andrey, Laruence)
  . Fixed bug #55653 (PS crash with libmysql when binding same variable as
    param and out). (Laruence)

- Improved OpenSSL extension:
  . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
  . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)
  . Use php's implementation for Windows Crypto API in
    openssl_random_pseudo_bytes. (Pierre)
  . On error in openssl_random_pseudo_bytes() made sure we set strong result
    to false. (Scott)
  . Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
    CVE-2011-3389. (Scott)
  . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
    (me at ktamura dot com, Scott)

- Improved PDO:
  . Fixed PDO objects binary incompatibility. (Dmitry)

- PDO DBlib driver:
  . Added nextRowset support.
  . Fixed bug #50755 (PDO DBLIB Fails with OOM).

- Improved PostgreSQL extension:
  . Added support for "extra" parameter for PGNotify().
    (r dot i dot k at free dot fr, Ilia)

- Improved PCRE extension:
  . Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)

- Improved Readline extension:
  . Fixed bug #54450 (Enable callback support when built against libedit).
    (fedora at famillecollet dot com, Hannes)

- Improved Reflection extension:
  . Added ReflectionClass::newInstanceWithoutConstructor() to create a new
    instance of a class without invoking its constructor. FR #55490.
    (Sebastian)
  . Added ReflectionExtension::isTemporary() and
    ReflectionExtension::isPersistent() methods. (Johannes)
  . Added ReflectionZendExtension class. (Johannes)
  . Added ReflectionClass::isCloneable(). (Felipe)

- Improved Session extension:
  . Expose session status via new function, session_status (FR #52982) (Arpad)
  . Added support for object-oriented session handlers. (Arpad)
  . Added support for storing upload progress feedback in session data. (Arnaud)
  . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
    either is present at compile time. (Rasmus)
  . Fixed bug #60860 (session.save_handler=user without defined function core
    dumps). (Felipe)
  . Implement FR #60551 (session_set_save_handler should support a core's
    session handler interface). (Arpad)
  . Fixed bug #60640 (invalid return values). (Arpad)

- Improved SNMP extension (Boris Lytochkin):
  . Added OO API. FR #53594 (php-snmp rewrite).
  . Sanitized return values of existing functions. Now it returns FALSE on
    failure.
  . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
    upon request.
  . Introducing unit tests for extension with ~full coverage.
  . IPv6 support. (FR #42918)
  . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
    is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
    not specified) or SNMP_VALUE_PLAIN. (FR #54502)
  . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
    from hostname). (Boris Lytochkin)
  . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
    is disabled). (Boris Lytochkin)
  . Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to default)
  . Fixed bug #46065 (snmp_set_quick_print() persists between requests)
  . Fixed bug #45893 (Snmp buffer limited to 2048 char)
  . Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work)

- Improved SOAP extension:
  . Added new SoapClient option "keep_alive". FR #60329. (Pierrick)
  . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)

- Improved SPL extension:
  . Added RegexIterator::getRegex() method. (Joshua Thijssen)
  . Added SplObjectStorage::getHash() hook. (Etienne)
  . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)
  . Added missing class_uses(..) as pointed out by #55266 (Stefan)
  . Immediately reject wrong usages of directories under Spl(Temp)FileObject
    and friends. (Etienne, Pierre)
  . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
    the default stream context. (Hannes)
  . Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
    argument via Reflection). (Peter)
  . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
    (sasezaki at gmail dot com, salathe)

- Improved Sysvshm extension:
  . Fixed bug #55750 (memory copy issue in sysvshm extension).
    (Ilia, jeffhuang9999 at gmail dot com)

- Improved Tidy extension:
  . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
    (Maksymilian Arciemowicz, Felipe)

- Improved Tokenizer extension:
  . Fixed bug #54089 (token_get_all with regards to __halt_compiler is
    not binary safe). (Nikita Popov)

- Improved XSL extension:
  . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
    define forbidden operations within XSLT stylesheets, default is not to
    enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)
  . XSL doesn't stop transformation anymore, if a PHP function can't be called
    (Christian)

- Improved ZLIB extension:
  . Re-implemented non-file related functionality. (Mike)
  . Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).
    (Mike)

14 Jun 2012, PHP 5.3.14

- CLI SAPI:
  . Fixed bug #61546 (functions related to current script failed when chdir()
    in cli sapi). (Laruence, reeze.xia@gmail.com)

- CURL:
  . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
    (Laruence)

- COM:
  . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)

- Core:
  . Fixed CVE-2012-2143. (Solar Designer)
  . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
  . Fixed bug #62373 (serialize() generates wrong reference to the object).
    (Moriyoshi)
  . Fixed bug #62005 (unexpected behavior when incrementally assigning to a
    member of a null object). (Laruence)
  . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
  . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo)
  . Fixed bug #61730 (Segfault from array_walk modifying an array passed by
    reference). (Laruence)
  . Fixed bug #61713 (Logic error in charset detection for htmlentities).
    (Anatoliy)
  . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
    set to null). (Anatoliy)
  . Changed php://fd to be available only for CLI.

- Fileinfo:
  . Fixed bug #61812 (Uninitialised value used in libmagic).
    (Laruence, Gustavo)

- Iconv extension:
  . Fixed a bug that iconv extension fails to link to the correct library
    when another extension makes use of a library that links to the iconv
    library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail.
    (Moriyoshi)

- Intl:
  . Fixed bug #62082 (Memory corruption in internal function
    get_icu_disp_value_src_php()). (Gustavo)

- JSON
  . Fixed bug #61537 (json_encode() incorrectly truncates/discards
    information). (Adam)

- PDO:
  . Fixed bug #61755 (A parsing bug in the prepared statements can lead to
    access violations). (Johannes)

- Phar:
  . Fix bug #61065 (Secunia SA44335). (Rasmus)

- Streams:
  . Fixed bug #61961 (file_get_contents leaks when access empty file with
    maxlen set). (Reeze)

08 May 2012, PHP 5.3.13
- CGI
  . Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
    (Stas)

03 May 2012, PHP 5.3.12
- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)

26 Apr 2012, PHP 5.3.11

- Core:
  . Fixed bug #61605 (header_remove() does not remove all headers).
    (Laruence)
  . Fixed bug #61541 (Segfault when using ob_* in output_callback).
    (reeze.xia@gmail.com)
  . Fixed bug #61273 (call_user_func_array with more than 16333 arguments
    leaks / crashes). (Laruence)
  . Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
  . Improved max_input_vars directive to check nested variables (Dmitry).
  . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
  . Fixed bug #61087 (Memory leak in parse_ini_file when specifying
    invalid scanner mode). (Nikic, Laruence)
  . Fixed bug #61072 (Memory leak when restoring an exception handler).
    (Nikic, Laruence)
  . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
    (Laruence)
  . Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
    (Ondřej Surý)
  . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
    vars). (Laruence)
  . Fixed bug #60895 (Possible invalid handler usage in windows random
    functions). (Pierre)
  . Fixed bug #60825 (Segfault when running symfony 2 tests).
    (Dmitry, Laruence)
  . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
  . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
  . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
    (rui, Gustavo)
  . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
  . Fixed bug #54374 (Insufficient validating of upload name leading to
    corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at
    gmail dot com, Pierre)
  . Fixed bug #52719 (array_walk_recursive crashes if third param of the
    function is by reference). (Nikita Popov)
  . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)

- DOM
  . Added debug info handler to DOM objects. (Gustavo, Joey Smith)

- FPM
  . Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c).
    (michaelhood at gmail dot com, Ilia)

- Ibase
  . Fixed bug #60947 (Segmentation fault while executing ibase_db_info).
    (Ilia)

- Installation
  . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)

- Fileinfo
  . Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo)

- Firebird Database extension (ibase):
  . Fixed bug #60802 (ibase_trans() gives segfault when passing params).

- Libxml:
  . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)).
    (Laruence)
  . Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN).
    (Tim Starling)

- mysqli
  . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).

- PDO_mysql
  . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
    always work). (Johannes)
  . Fixed bug #61194 (PDO should export compression flag with myslqnd).
    (Johannes)

- PDO_odbc
  . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)

- PDO_pgsql
  . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed
    rows on postgresql >= 9). (ben dot pineau at gmail dot com)

- PDO_Sqlite extension:
  . Add createCollation support. (Damien)

- Phar:
  . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
    bytes). (Nikic)

- PHP-FPM SAPI:
  . Fixed bug #60811 (php-fpm compilation problem). (rasmus)

- Readline:
  . Fixed bug #61088 (Memory leak in readline_callback_handler_install).
    (Nikic, Laruence)
  . Add open_basedir checks to readline_write_history and readline_read_history.
    (Rasmus, reported by Mateusz Goik)

- Reflection:
  . Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads
    when get_properties returns a hash table with (inaccessible) dynamic
    numeric properties). (Gustavo)
  . Fixed bug #60968 (Late static binding doesn't work with
    ReflectionMethod::invokeArgs()). (Laruence)

- SOAP
  . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
  . Fixed bug #60887 (SoapClient ignores user_agent option and sends no
    User-Agent header). (carloschilazo at gmail dot com)
  . Fixed bug #60842, #51775 (Chunked response parsing error when
    chunksize length line is > 10 bytes). (Ilia)
  . Fixed bug #49853 (Soap Client stream context header option ignored).
    (Dmitry)

- SPL
  . Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe)
  . Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
    FilesystemIterator's iterators are requested more than once without
    having had its dtor callback called in between). (Gustavo)
  . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
  . Fixed bug #61326 (ArrayObject comparison). (Gustavo)

- SQLite3 extension:
  . Add createCollation() method. (Brad Dewar)

- Session:
  . Fixed bug #60860 (session.save_handler=user without defined function core
    dumps). (Felipe)
  . Fixed bug #60634 (Segmentation fault when trying to die() in
    SessionHandler::write()). (Ilia)

- Streams:
  . Fixed bug #61371 (stream_context_create() causes memory leaks on use
    streams_socket_create). (Gustavo)
  . Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
    (Gustavo)
  . Fixed bug #61115 (stream related segfault on fatal error in
    php_stream_context_link). (Gustavo)
  . Fixed bug #60817 (stream_get_line() reads from stream even when there is
    already sufficient data buffered). stream_get_line() now behaves more like
    fgets(), as is documented. (Gustavo)
  . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not
    detected together with the last read). (Gustavo)
  . Fixed bug #60106 (stream_socket_server silently truncates long unix
    socket paths). (Ilia)

- Tidy:
  . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra)

- XMLRPC:
  . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
    variable). (Nikita Popov)
  . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic)

- Zlib:
  . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic)

02 Feb 2012, PHP 5.3.10

- Core:
  . Fixed arbitrary remote code execution vulnerability reported by Stefan
    Esser, CVE-2012-0830. (Stas, Dmitry)

10 Jan 2012, PHP 5.3.9

- Core:
  . Added max_input_vars directive to prevent attacks based on hash collisions
    (CVE-2011-4885) (Dmitry).
  . Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
  . Fixed bug #60139 (Anonymous functions create cycles not detected by the
    GC). (Dmitry)
  . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
    (Dmitry).
  . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when
    the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
  . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
  . Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia)
  . Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
    (klightspeed at netspace dot net dot au)
  . Fixed bug #55798 (serialize followed by unserialize with numeric object
    prop. gives integer prop). (Gustavo)
  . Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
  . Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
    parisc). (Felipe)
  . Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some
    tab-separated records). (Laruence)
  . Fixed bug #55649 (Undefined function Bug()). (Laruence)
  . Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
  . Fixed bug #55576 (Cannot conditionally move uploaded file without race
    condition). (Gustavo)
  . Fixed bug #55510: $_FILES 'name' missing first character after upload.
    (Arpad)
  . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
  . Fixed bug #55504 (Content-Type header is not parsed correctly on
    HTTP POST request). (Hannes)
  . Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
    is_a and is_subclass_of). (alan_k)
  . Fixed bug #52461 (Incomplete doctype and missing xmlns).
    (virsacer at web dot de, Pierre)
  . Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad)
  . Fixed bug #55273 (base64_decode() with strict rejects whitespace after
    pad). (Ilia)
  . Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent
    directory). (Felipe)
  . Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
  . Fixed invalid free in call_user_method() function. (Felipe)
  . Fixed bug #43200 (Interface implementation / inheritence not possible in
    abstract classes). (Felipe)


- BCmath:
  . Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm)

- Calendar:
  . Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in
    optimized builds). (Gustavo)

- cURL:
  . Fixed bug #60439 (curl_copy_handle segfault when used with
    CURLOPT_PROGRESSFUNCTION). (Pierrick)
  . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
    before calling curl_exec). (Hannes)
  . Fixed issues were curl_copy_handle() would sometimes lose copied
    preferences. (Hannes)

- DateTime:
  . Fixed bug #60373 (Startup errors with log_errors on cause segfault).
    (Derick)
  . Fixed bug #60236 (TLA timezone dates are not converted properly from
    timestamp). (Derick)
  . Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with
    time zone type 2). (Derick)
  . Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret "D").
    (Derick)
  . Fixed bug #53502 (strtotime with timezone memory leak). (Derick)
  . Fixed bug #52062 (large timestamps with DateTime::getTimestamp and
    DateTime::setTimestamp). (Derick)
  . Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz'
    format). (Derick)
  . Fixed bug #52113 (Seg fault while creating (by unserialization)
    DatePeriod). (Derick)
  . Fixed bug #48476 (cloning extended DateTime class without calling
    parent::__constr crashed PHP). (Hannes)

- EXIF:
  . Fixed bug #60150 (Integer overflow during the parsing of invalid exif
    header). (CVE-2011-4566) (Stas, flolechaud at gmail dot com)

- Fileinfo:
  . Fixed bug #60094 (C++ comment fails in c89). (Laruence)
  . Fixed possible memory leak in finfo_open(). (Felipe)
  . Fixed memory leak when calling the Finfo constructor twice. (Felipe)

- Filter:
  . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized
    domain name addresses containing >1 -). (Ilia)

- FTP:
  . Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me,
    rasmus)

- Gd:
  . Fixed bug #60160 (imagefill() doesn't work correctly
    for small images). (Florian)
  . Fixed potential memory leak on a png error (Rasmus, Paul Saab)

- Intl:
  . Fixed bug #60192 (SegFault when Collator not constructed
    properly). (Florian)
  . Fixed memory leak in several Intl locale functions. (Felipe)

- Json:
  . Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects
    with numeric string properties). (Ilia, dchurch at sciencelogic dot com)

- Mbstring:
  . Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)

- MS SQL:
  . Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)

- MySQL:
  . Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)

- MySQLi extension:
  . Fixed bug #55859 (mysqli->stat property access gives error). (Andrey)
  . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when
    mysqlnd is used). (Andrey)
  . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields).
    (eran at zend dot com, Laruence)

- mysqlnd
  . Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
  . Fixed bug #55067 (MySQL doesn't support compression - wrong config option).
    (Andrey)

- NSAPI SAPI:
  . Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe
    Schindler)

- OpenSSL:
  . Fixed bug #60279 (Fixed NULL pointer dereference in
    stream_socket_enable_crypto, case when ssl_handle of session_stream is not
    initialized.) (shm)
  . Fix segfault with older versions of OpenSSL. (Scott)

- Oracle Database extension (OCI8):
  . Fixed bug #59985 (show normal warning text for OCI_NO_DATA).
    (Chris Jones)
  . Increased maximum Oracle error message buffer length for new 11.2.0.3 size.
    (Chris Jones)
  . Improve internal initalization failure error messages. (Chris Jones)

- PDO
  . Fixed bug #55776 (PDORow to session bug). (Johannes)

- PDO Firebird:
  . Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
    (Mariuz)
  . Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn).
  . Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count).
    (Mariuz)

- PDO MySQL driver:
  . Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes)
  . Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql
    native driver). (Pierre)
  . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define
    MYSQL_OPT_LOCAL_INFILE). (Andrey)

- PDO OCI driver:
  . Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been
    killed). (mikhail dot v dot gavrilov at gmail dot com, Chris Jones, Tony)

- Phar:
  . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
  . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp
    scanning for __HALT_COMPILER). (Ralph Schindler)
  . Fixed bug #53872 (internal corruption of phar). (Hannes)
  . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)

- PHP-FPM SAPI:
  . Dropped restriction of not setting the same value multiple times, the last
    one holds. (giovanni at giacobbi dot net, fat)
  . Added .phar to default authorized extensions. (fat)
  . Fixed bug #60659 (FPM does not clear auth_user on request accept).
    (bonbons at linux-vserver dot org)
  . Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
    (fat)
  . Enhance error log when the primary script can't be open. FR #60199. (fat)
  . Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
  . Fixed bug #55577 (status.html does not install). (fat)
  . Fixed bug #55533 (The -d parameter doesn't work). (fat)
  . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
  . Fixed bug #55486 (status show BIG processes number). (fat)
  . Enhanced security by limiting access to user defined extensions.
    FR #55181. (fat)
  . Added process.max to control the number of process FPM can fork. FR #55166.
    (fat)
  . Implemented FR #54577 (Enhanced status page with full status and details
    about each processes. Also provide a web page (status.html) for
    real-time FPM status. (fat)
  . Lowered default value for Process Manager. FR #54098. (fat)
  . Implemented FR #52569 (Add the "ondemand" process-manager
    to allow zero children). (fat)
  . Added partial syslog support (on error_log only). FR #52052. (fat)

- Postgres:
  . Fixed bug #60244 (pg_fetch_* functions do not validate that row param
    is >0). (Ilia)
  . Added PGSQL_LIBPQ_VERSION/PGSQL_LIBPQ_VERSION_STR constants. (Yasuo)

- Reflection:
  . Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)

- Session:
  . Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)

- SimpleXML:
  . Reverted the SimpleXML->query() behaviour to returning empty arrays
    instead of false when no nodes are found as it was since 5.3.3
    (bug #48601). (chregu, rrichards)

- SOAP
  . Fixed bug #54911 (Access to a undefined member in inherit SoapClient may
    cause Segmentation Fault). (Dmitry)
  . Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL:
    Extra content at the end of the doc, when server uses chunked transfer
    encoding with spaces after chunk size). (Dmitry)
  . Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)

- Sockets:
  . Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot
    com)

- SPL:
  . Fixed bug #60082 (Crash in ArrayObject() when using recursive references).
    (Tony)
  . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
    (jgotti at modedemploi dot fr, Hannes)
  . Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values).
    (Hannes)

- Streams:
  . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together
    with the last read). (Gustavo)

- Tidy:
  . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
    (Maksymilian Arciemowicz, Felipe)

- XSL:
  . Added xsl.security_prefs ini option to define forbidden operations within
    XSLT stylesheets, default is not to enable write operations. This option
    won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu,
    Nicolas Gregoire)

23 Aug 2011, PHP 5.3.8

- Core:
  . Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)

- OpenSSL:
  . Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
    as the new behavior caused mysqlnd SSL connections to hang (#55283).
    (Pierre, Andrey, Johannes)

18 Aug 2011, PHP 5.3.7
- Upgraded bundled SQLite to version 3.7.7.1. (Scott)
- Upgraded bundled PCRE to version 8.12. (Scott)

- Zend Engine:
  . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
    though the class has none). (Felipe)
  . Fixed bug #55007 (compiler fail after previous fail). (Felipe)
  . Fixed bug #54910 (Crash when calling call_user_func with unknown function
    name). (Dmitry)
  . Fixed bug #54804 (__halt_compiler and imported namespaces).
    (Pierrick, Felipe)
  . Fixed bug #54624 (class_alias and type hint). (Felipe)
  . Fixed bug #54585 (track_errors causes segfault). (Dmitry)
  . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed).
    (Tony, Dmitry)
  . Fixed bug #54372 (Crash accessing global object itself returned from its
    __get() handle). (Dmitry)
  . Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
  . Fixed bug #54358 (Closure, use and reference). (Dmitry)
  . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
    (Dmitry)
  . Fixed bug #54039 (use() of static variables in lambda functions can break
    staticness). (Dmitry)

- Core
  . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
  . Removed warning when argument of is_a() or is_subclass_of() is not
    a known class. (Stas)
  . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
  . Added PHP_MANDIR constant telling where the manpages were installed into,
    and an --man-dir argument to php-config. (Hannes)
  . Fixed a crash inside dtor for error handling. (Ilia)
  . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas)
  . Implemented FR #54459 (Range function accuracy). (Adam)

  . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path).
    (Ilia)
  . Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off).
    (Dmitry)
  . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
    (Pierre)
  . Fixed bug #55258 (Windows Version Detecting Error).
    ( xiaomao5 at live dot com, Pierre)
  . Fixed bug #55187 (readlink returns weird characters when false result).
   (Pierre)
  . Fixed bug #55082 (var_export() doesn't escape properties properly).
    (Gustavo)
  . Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
  . Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
    filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  . Fixed bug #54935 php_win_err can lead to crash. (Pierre)
  . Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
  . Fixed bug #54895 (Fix compiling with older gcc version without need for
    membar_producer macro). (mhei at heimpold dot de)
  . Fixed bug #54866 (incorrect accounting for realpath_cache_size).
    (Dustin Ward)
  . Fixed bug #54723 (getimagesize() doesn't check the full ico signature).
    (Scott)
  . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt
    size). (Pierre, os at irj dot ru)
  . Fixed bug #54580 (get_browser() segmentation fault when browscap ini
    directive is set through php_admin_value). (Gustavo)
  . Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
  . Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
  . Fixed bug #54238 (use-after-free in substr_replace()). (Stas)
    (CVE-2011-1148)
  . Fixed bug #54204 (Can't set a value with a PATH section in php.ini).
    (Pierre)
  . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
    (tomas dot brastavicius at quantum dot lt, Pierrick)
  . Fixed bug #54137 (file_get_contents POST request sends additional line
    break). (maurice-php at mertinkat dot net, Ilia)
  . Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
  . Alternative fix for bug #52550, as applied to the round() function (signed
    overflow), as the old fix impacted the algorithm for numbers with magnitude
    smaller than 0. (Gustavo)
  . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces)
    (Ralph Schindler, Dmitry)
  . Fixed bug #52935 (call exit in user_error_handler cause stream relate
    core). (Gustavo)
  . Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
  . Fixed bug #50816 (Using class constants in array definition fails).
    (Pierrick, Dmitry)
  . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode
    filter). (slusarz at curecanti dot org)
  . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using
    TMPDIR on Windows). (Pierre)

- Apache2 Handler SAPI:
  . Fixed bug #54529 (SAPI crashes on apache_config.c:197).
    (hebergement at riastudio dot fr)

- CLI SAPI:
  . Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)

- cURL extension:
  . Added ini option curl.cainfo (support for custom cert db). (Pierre)
  . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)

- DateTime extension:
  . Fixed bug where the DateTime object got changed while using date_diff().
    (Derick)
  . Fixed bug #54340 (DateTime::add() method bug). (Adam)
  . Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|'
    correctly). (Adam)
  . Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
  . Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught
    exception and fatal error). (Hannes)

- DBA extension:
  . Supress warning on non-existent file open with Berkeley DB 5.2. (Chris Jones)
  . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)

- Exif extesion:
  . Fixed bug #54121 (error message format string typo). (Ilia)

- Fileinfo extension:
  . Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)

- Filter extension:
  . Added 3rd parameter to filter_var_array() and filter_input_array()
    functions that allows disabling addition of empty elements. (Ilia)
  . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)

- Interbase extension:
  . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)

- intl extension:
  . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
  . Implemented FR #54540 (Allow loading of arbitrary resource bundles when
    fallback is disabled). (David Zuelke, Stas)

- Imap extension:
  . Fixed bug #55313 (Number of retries not set when params specified).
    (kevin at kevinlocke dot name)

- json extension:
  . Fixed bug #54484 (Empty string in json_decode doesn't reset
    json_last_error()). (Ilia)

- LDAP extension:
  . Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO
    libraries). (Clint Byrum, Raphael)

- libxml extension:
  . Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
  . Fixed bug #54440 (libxml extension ignores default context). (Gustavo)

- mbstring extension:
  . Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)

- MCrypt extension:
  . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data
    has been fetched (Windows). (Pierre)
  . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random
    data on Windows). (Pierre)

- mysqlnd
  . Fixed crash when using more than 28,000 bound parameters. Workaround is to
    set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
  . Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator
    and range). (nihen at megabbs dot com, Andrey)

- MySQLi extension:
  . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
    persistent connections). (Andrey)
  . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
    (Andrey)

- OpenSSL extension:
  . openssl_encrypt()/openssl_decrypt() truncated keys of variable length
    ciphers to the OpenSSL default for the algorithm. (Scott)
  . On blocking SSL sockets respect the timeout option where possible.
    (Scott)
  . Fixed bug #54992 (Stream not closed and error not returned when SSL
    CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)

- Oracle Database extension (OCI8):
  . Added oci_client_version() returning the runtime Oracle client library
    version. (Chris Jones)

. PCRE extension:
  . Increased the backtrack limit from 100000 to 1000000 (Rasmus)

- PDO extension:
  . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
  . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE
    settings). (Ilia)

- PDO DBlib driver:
  . Fixed bug #54329 (MSSql extension memory leak).
    (dotslashpok at gmail dot com)
  . Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field).
    (mjh at hodginsmedia dot com, Felipe)

- PDO ODBC driver:
  . Fixed data type usage in 64bit. (leocsilva at gmail dot com)

- PDO MySQL driver:
  . Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes)
  . Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey)
  . Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections).
    (Rob)

- PDO PostgreSQL driver:
  . Fixed bug #54318 (Non-portable grep option used in PDO pgsql
    configuration). (bwalton at artsci dot utoronto dot ca)

- PDO Oracle driver:
  . Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci).
    (jbnance at tresgeek dot net)

- Phar extension:
  . Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters).
    (Felipe)

- PHP-FPM SAPI:
  . Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat)
  . Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
  . Fixed missing Expires and Cache-Control headers for ping and status pages.
    (fat)
  . Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
  . Fixed wrong value of log_level when invoking fpm with -tt. (fat)
  . Added xml format to the status page. (fat)
  . Removed timestamp in logs written by children processes. (fat)
  . Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
  . Added master rlimit_files and rlimit_core in the global configuration
    settings. (fat)
  . Removed pid in debug logs written by chrildren processes. (fat)
  . Added custom access log (also added per request %CPU and memory
    mesurement). (fat)
  . Added a real scoreboard and several improvements to the status page. (fat)

- Reflection extension:
  . Fixed bug #54347 (reflection_extension does not lowercase module function
    name). (Felipe, laruence at yahoo dot com dot cn)

- SOAP extension:
  . Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION
    contains itself). (Dmitry)
  . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)

- Sockets extension:
  . Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
    Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
  . Changed socket_set_block() and socket_set_nonblock() so they emit warnings
    on error. (Gustavo)
  . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)

- SPL extension:
  . Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys
    on true). (Pierrick)
  . Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
  . Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard
    crash). (Felipe)
  . Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
    SplTempFileObject crash when user-space classes don't call the paren
    constructor). (Gustavo)
  . Fixed bug #54292 (Wrong parameter causes crash in
    SplFileObject::__construct()). (Felipe)
  . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
    with \0). (Gustavo)
  . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
    (Felipe)

- Streams:
  . Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
  . Fixed bug #54623 (Segfault when writing to a persistent socket after
    closing a copy of the socket). (Gustavo)
  . Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)


17 Mar 2011, PHP 5.3.6
- Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
- Upgraded bundled PCRE to version 8.11. (Ilia)

- Zend Engine:
  . Indirect reference to $this fails to resolve if direct $this is never used
    in method. (Scott)
  . Added options to debug backtrace functions. (Stas)
  . Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql
    etc.) on Windows in thread safe mode. (Pierre)
  . Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime
    error). (Dmitry)
  . Fixed Bug #53958 (Closures can't 'use' shared variables by value and by
    reference). (Dmitry)
  . Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
  . Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas)
  . Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal
    error). (Stas)
  . Fixed bug #43512 (same parameter name can be used multiple times in
    method/function definition). (Felipe)

- Core:
  . Added ability to connect to HTTPS sites through proxy with basic
    authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
  . Changed default value of ini directive serialize_precision from 100 to 17.
    (Gustavo)
  . Fixed bug #54055 (buffer overrun with high values for precision ini
    setting). (Gustavo)
  . Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
  . Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a
    trailing forward slash). (lekensteyn at gmail dot com, Pierre)
  . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
  . Fixed bug #48484 (array_product() always returns 0 for an empty array).
    (Ilia)
  . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before
    exiting). (Ilia)


- Calendar extension:
  . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to
    segfault). (Gustavo)

- DOM extension:
  . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode
    like DOMDocument::saveXML). (Gustavo)

- DateTime extension:
  . Fixed a bug in DateTime->modify() where absolute date/time statements had
    no effect. (Derick)
  . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit
    big-endian systems). (Derick, rein@basefarm.no)
  . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
  . Fixed bug #52738 (Can't use new properties in class extended from
    DateInterval). (Stas)
  . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime
    created from timestamp). (Stas)
  . Fixed bug #52063 (DateTime constructor's second argument doesn't have a
    null default value). (Gustavo, Stas)

- Exif extension:
  . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni).
    (Pierre) (CVE-2011-0708)

- Filter extension:
  . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
    (Ilia, Gustavo)
  . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges).
    (Ilia)
  . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
  . Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6).
    (Ilia, valli at icsurselva dot ch)

- Fileinfo extension:
  . Fixed bug #54016 (finfo_file() Cannot determine filetype in archives).
    (Hannes)

- Gettext
  . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE
    environment variable are set). (Pierre)

- IMAP extension:
  . Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
  . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long
    MIME header unfolding). (Adam)

- Intl extension:
  . Fixed bug #53612 (Segmentation fault when using cloned several intl
    objects). (Gustavo)
  . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values).
    (Felipe)
  . Implemented clone functionality for number, date & message formatters.
    (Stas).

- JSON extension:
  . Fixed bug #53963 (Ensure error_code is always set during some failed
    decodings). (Scott)

- mysqlnd
  . Fixed problem with always returning 0 as num_rows for unbuffered sets.
    (Andrey, Ulf)

- MySQL Improved extension:
  . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847).
    (Kalle)
  . Fixed buggy counting of affected rows when using the text protocol. The
    collected statistics were wrong when multi_query was used with mysqlnd
    (Andrey)
  . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL).
    (Kalle)
  . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA
    query). (Kalle, Andrey)
  . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to
    call libmysql). (Kalle, tre-php-net at crushedhat dot com)
2639

2640 2641 2642 2643 2644 2645 2646 2647 2648 2649
- OpenSSL extension:
  . Fixed stream_socket_enable_crypto() not honoring the socket timeout in
    server mode. (Gustavo)
  . Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
  . Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
  . Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
    (Gustavo)
  . Implemented FR #53447 (Cannot disable SessionTicket extension for servers
    that do not support it) by adding a no_ticket SSL context option. (Adam,
    Tony)
2650

2651 2652 2653 2654 2655
- PDO MySQL driver:
  . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver).
    (Johannes)
  . Implemented FR #47802 (Support for setting character sets in DSN strings).
    (Kalle)
2656

2657 2658 2659
- PDO Oracle driver:
  . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
    ORACLE 10). (spatar at mail dot nnov dot ru)
2660

2661 2662 2663
- PDO PostgreSQL driver:
  . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down).
    (gyp at balabit dot hu)
2664

2665 2666 2667 2668 2669 2670 2671
- Phar extension:
  . Fixed bug #54247 (format-string vulnerability on Phar). (Felipe)
    (CVE-2011-1153)
  . Fixed bug #53541 (format string bug in ext/phar).
    (crrodriguez at opensuse dot org, Ilia)
  . Fixed bug #53898 (PHAR reports invalid error message, when the directory
    does not exist). (Ilia)
2672

2673 2674 2675 2676 2677 2678
- PHP-FPM SAPI:
  . Enforce security in the fastcgi protocol parsing.
    (ef-lists at email dotde)
  . Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
  . Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
  . Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
2679

2680 2681 2682
- Readline extension:
  . Fixed bug #53630 (Fixed parameter handling inside readline() function).
    (jo at feuersee dot de, Ilia)
2683

2684 2685 2686
- Reflection extension:
  . Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on
    constants with self::). (Gustavo)
2687

2688 2689 2690
- Shmop extension:
  . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
    Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)
2691

2692 2693 2694
- SNMP extension:
  . Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree
    correctly). (Boris Lytochkin)
2695

2696 2697 2698
- SOAP extension:
  . Fixed possible crash introduced by the NULL poisoning patch.
    (Mateusz Kocielski, Pierre)
2699

2700 2701 2702 2703 2704 2705 2706 2707
- SPL extension:
  . Fixed memory leak in DirectoryIterator::getExtension() and
    SplFileInfo::getExtension(). (Felipe)
  . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
  . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0
    values). (Felipe)
  . Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance
    segfaults). (Felipe)
2708

2709
  . Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn)
2710

2711 2712 2713 2714 2715 2716 2717 2718 2719
- SQLite3 extension:
  . Fixed memory leaked introduced by the NULL poisoning patch.
    (Mateusz Kocielski, Pierre)
  . Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a
    reference. (Felipe)
  . Add SQlite3_Stmt::readonly() for checking if a statement is read only.
    (Scott)
  . Implemented FR #53466 (SQLite3Result::columnType() should return false after
    all of the rows have been fetched). (Scott)
2720

2721 2722 2723 2724 2725 2726 2727 2728
- Streams:
  . Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
    wrapper). (Gustavo)
  . Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris
    Jones)
  . Fixed bug #53903 (userspace stream stat callback does not separate the
    elements of the returned array before converting them). (Gustavo)
  . Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)
2729

2730 2731 2732
- Tokenizer Extension
  . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).
    (Nikita Popov, Ilia)
2733

2734 2735 2736
- XSL extension:
  . Fixed memory leaked introduced by the NULL poisoning patch.
    (Mateusz Kocielski, Pierre)
2737

2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754
- Zip extension:
  . Added the filename into the return value of stream_get_meta_data(). (Hannes)
  . Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
  . Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
  . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
    (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
  . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
  . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at
    gmail dot com, Gustavo)
  . Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams).
    (Hannes)
  . Fixed bug #53568 (swapped memset arguments in struct initialization).
    (crrodriguez at opensuse dot org)
  . Fixed bug #53166 (Missing parameters in docs and reflection definition).
    (Richard)
  . Fixed bug #49072 (feof never returns true for damaged file in zip).
    (Gustavo, Richard Quadling)
2755

2756 2757 2758
06 Jan 2011, PHP 5.3.5
- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,
  Rasmus)
2759

2760 2761 2762
09 Dec 2010, PHP 5.3.4
- Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
- Upgraded bundled PCRE to version 8.10. (Ilia)
2763

2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800
- Security enhancements:
  . Fixed crash in zip extract method (possible CWE-170).
    (Maksymilian Arciemowicz, Pierre)
  . Paths with NULL in them (foo\0bar.txt) are now considered as invalid.
    (Rasmus)
  . Fixed a possible double free in imap extension (Identified by Mateusz
    Kocielski). (CVE-2010-4150). (Ilia)
  . Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
    (CVE-2010-3709). (Maksymilian Arciemowicz)
  . Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
  . Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
  . Fixed symbolic resolution support when the target is a DFS share. (Pierre)
  . Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
    large amount of data) (CVE-2010-3710). (Adam)

- General improvements:
  . Added stat support for zip stream. (Pierre)
  . Added follow_location (enabled by default) option for the http stream
    support. (Pierre)
  . Improved support for is_link and related functions on Windows. (Pierre)
  . Added a 3rd parameter to get_html_translation_table. It now takes a charset
    hint, like htmlentities et al. (Gustavo)

- Implemented feature requests:
  . Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
    zend multibyte at runtime. (Kalle)
  . Implemented FR #52173, added functions pcntl_get_last_error() and
     pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
  . Implemented symbolic links support for open_basedir checks. (Pierre)
  . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
  . Implemented FR #50692, not uploaded files don't count towards
    max_file_uploads limit. As a side improvement, temporary files are not
    opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)

- Improved MySQLnd:
  . Added new character sets to mysqlnd, which are available in MySQL 5.5
    (Andrey)
2801

2802 2803 2804 2805 2806 2807 2808
- Improved PHP-FPM SAPI:
  . Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple
    instances. (fat)
  . Added custom process title for FPM. (fat)
  . Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
  . Added statistics about listening socket queue length for FPM.
    (andrei dot nigmatulin at gmail dot com, fat)
2809 2810

- Core:
2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864
  . Fixed extract() to do not overwrite $GLOBALS and $this when using
    EXTR_OVERWRITE. (jorto at redhat dot com)
  . Fixed bug in the Windows implementation of dns_get_record, where the two
    last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
  . Changed the $context parameter on copy() to actually have an effect. (Kalle)
  . Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
    sequences. (Gustavo)
  . Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
  . Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
  . Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
    (Ilia, daniel dot mueller at inexio dot net)
  . Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char).
    (Justin Martin)
  . Fixed bug #53226 (file_exists fails on big filenames). (Adam)
  . Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
    effect). (Gustavo)
  . Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
    type is application/x-www-form-urlencoded or is not registered with PHP).
    (gm at tlink dot de, Gustavo)
  . Fixed bug #53141 (autoload misbehaves if called from closing session).
    (ladislav at marek dot su)
  . Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
    with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of
    ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev
    #185591) to other encodings. Additionaly, html_entity_decode() now doesn't
    decode &#34; if ENT_NOQUOTES is given. (Gustavo)
  . Fixed bug #52931 (strripos not overloaded with function overloading
    enabled). (Felipe)
  . Fixed bug #52772 (var_dump() doesn't check for the existence of
    get_class_name before calling it). (Kalle, Gustavo)
  . Fixed bug #52534 (var_export array with negative key). (Felipe)
  . Fixed bug #52327 (base64_decode() improper handling of leading padding in
    strict mode). (Ilia)
  . Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
    (a_jelly_doughnut at phpbb dot com, Pierre)
  . Fixed bug #50953 (socket will not connect to IPv4 address when the host has
    both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
  . Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
    other platforms). (Pierre)
  . Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
    of reported malformed sequences). (CVE-2010-3870) (Gustavo)
  . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8).
    (Gustavo)
  . Fixed bug #48831 (php -i has different output to php --ini). (Richard,
    Pierre)
  . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
    (Felipe)
  . Fixed bug #47168 (printf of floating point variable prints maximum of 40
    decimal places). (Ilia)
  . Fixed bug #46587 (mt_rand() does not check that max is greater than min).
    (Ilia)
  . Fixed bug #29085 (bad default include_path on Windows). (Pierre)
  . Fixed bug #25927 (get_html_translation_table calls the ' &#39; instead of
    &#039;). (Gustavo)
2865

2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888
- Zend engine:
  . Reverted fix for bug #51176 (Static calling in non-static method behaves
    like $this->). (Felipe)
  . Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED.
    (Kalle)
  . Fixed NULL dereference in lex_scan on zend multibyte builds where the script
    had a flex incompatible encoding and there was no converter. (Gustavo)
  . Fixed covariance of return-by-ref constraints. (Etienne)
  . Fixed bug #53305 (E_NOTICE when defining a constant starts with
    __COMPILER_HALT_OFFSET__). (Felipe)
  . Fixed bug #52939 (zend_call_function does not respect ZEND_SEND_PREFER_REF).
    (Dmitry)
  . Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
    can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
  . Fixed bug #52786 (PHP should reset section to [PHP] after ini sections).
    (Fedora at famillecollet dot com)
  . Fixed bug #52508 (newline problem with parse_ini_file+INI_SCANNER_RAW).
    (Felipe)
  . Fixed bug #52484 (__set() ignores setting properties with empty names).
    (Felipe)
  . Fixed bug #52361 (Throwing an exception in a destructor causes invalid
    catching). (Dmitry)
  . Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)
2889

2890 2891 2892 2893 2894 2895
- Build issues:
  . Fixed bug #52436 (Compile error if systems do not have stdint.h)
    (Sriram Natarajan)
  . Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
    (Ulf, Tony)
  . Fixed bug #49215 (make fails on glob_wrapper). (Felipe)
2896

2897 2898 2899
- Calendar extension:
  . Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE).
   (gpap at internet dot gr, Adam)
2900

2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091
- cURL extension:
  . Fixed bug #52828 (curl_setopt does not accept persistent streams).
    (Gustavo, Ilia)
  . Fixed bug #52827 (cURL leaks handle and causes assertion error
    (CURLOPT_STDERR)). (Gustavo)
  . Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia)
  . Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre)

- DateTime extension:
  . Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return
    1 million microsecs). (ped at 7gods dot org)
  . Fixed bug #52668 (Iterating over a dateperiod twice is broken). (Derick)
  . Fixed bug #52454 (Relative dates and getTimestamp increments by one day).
    (Derick)
  . Fixed bug #52430 (date_parse parse 24:xx:xx as valid time). (Derick)
  . Added support for the ( and ) delimiters/separators to
    DateTime::createFromFormat(). (Derick)

- DBA extension:
  . Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)

- DOM extension:
  . Fixed bug #52656 (DOMCdataSection does not work with splitText). (Ilia)

- Filter extension:
  . Fixed the filter extension accepting IPv4 octets with a leading 0 as that
    belongs to the unsupported "dotted octal" representation. (Gustavo)
  . Fixed bug #53236 (problems in the validation of IPv6 addresses with leading
    and trailing :: in the filter extension). (Gustavo)
  . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
    addresses and ::). (Gustavo)

- GD extension:
  . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)

- GMP extension:
  . Fixed bug #52906 (gmp_mod returns negative result when non-negative is
    expected). (Stas)
  . Fixed bug #52849 (GNU MP invalid version match). (Adam)

- Hash extension:
  . Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
    (Mike, Ilia)

- Iconv extension:
  . Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
    headers). (Adam)
  . Fixed bug #52599 (iconv output handler outputs incorrect content type
    when flags are used). (Ilia)
  . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded
    words). (Ilia)

- Intl extension:
  . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409).
    (Stas, Maksymilian Arciemowicz)
  . Added support for formatting the timestamp stored in a DateTime object.
    (Stas)
  . Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
    range). (Stas)

- Mbstring extension:
  . Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
    parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
  . Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
    UnicodeData-6.0.0d7.txt and included the source of the generator program
    with the distribution) (Gustavo).
  . Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
    (Adam)

- MSSQL extension:
  . Fixed possible crash in mssql_fetch_batch(). (Kalle)
  . Fixed bug #52843 (Segfault when optional parameters are not passed in to
    mssql_connect). (Felipe)

- MySQL extension:
  . Fixed bug #52636 (php_mysql_fetch_hash writes long value into int).
    (Kalle, rein at basefarm dot no)

- MySQLi extension:
  . Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
    mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
  . Fixed bug #52686 (mysql_stmt_attr_[gs]et argument points to incorrect type).
    (rein at basefarm dot no)
  . Fixed bug #52654 (mysqli doesn't install headers with structures it uses).
    (Andrey)
  . Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static).
    (Andrey)
  . Fixed bug #52417 (MySQLi build failure with mysqlnd on MacOS X). (Andrey)
  . Fixed bug #52413 (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey)
  . Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
  . Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT).
    (Andrey)
  . Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
  . Fixed bug #45921 (Can't initialize character set hebrew). (Andrey)

- MySQLnd:
  . Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey)

- ODBC extension:
  - Fixed bug #52512 (Broken error handling in odbc_execute).
    (mkoegler at auto dot tuwien dot ac dot at)

- Openssl extension:
  . Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows.
    (Pierre)
  . Fixed bug #53136 (Invalid read on openssl_csr_new()). (Felipe)
  . Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
    used). (Felipe)

- Oracle Database extension (OCI8):
  . Fixed bug #53284 (Valgrind warnings in oci_set_* functions) (Oracle Corp.)
  . Fixed bug #51610 (Using oci_connect causes PHP to take a long time to
    exit).  Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix
    9891199) for this patch to have an effect. (Oracle Corp.)

- PCNTL extension:
  . Fixed bug #52784 (Race condition when handling many concurrent signals).
    (nick dot telford at gmail dot com, Arnaud)

- PCRE extension:
  . Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe)
  . Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it
    returns int(0)). (slugonamission at gmail dot com)

- PHAR extension:
  . Fixed bug #50987 (unaligned memory access in phar.c).
    (geissert at debian dot org, Ilia)

- PHP-FPM SAPI:
  . Fixed bug #53412 (segfault when using -y). (fat)
  . Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
  . Fixed bug #52501 (libevent made FPM crashed when forking -- libevent has
    been removed). (fat)
  . Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they
    were not available). (fat)
  . Fixed bug #52693 (configuration file errors are not logged to stderr). (fat)
  . Fixed bug #52674 (FPM Status page returns inconsistent Content-Type
    headers). (fat)
  . Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)

- PDO:
  . Fixed bug #52699 (PDO bindValue writes long int 32bit enum).
    (rein at basefarm dot no)
  . Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe)

- PDO DBLib driver:
  . Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values).
    (Felipe)

- PDO Firebird driver:
  . Restored firebird support (VC9 builds only). (Pierre)
  . Fixed bug #53335 (pdo_firebird did not implement rowCount()).
    (preeves at ibphoenix dot com)
  . Fixed bug #53323 (pdo_firebird getAttribute() crash).
    (preeves at ibphoenix dot com)

- PDO MySQL driver:
  . Fixed bug #52745 (Binding params doesn't work when selecting a date inside a
    CASE-WHEN). (Andrey)

- PostgreSQL extension:
  . Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com)

- Reflection extension:
  . Fixed ReflectionProperty::isDefault() giving a wrong result for properties
    obtained with ReflectionClass::getProperties(). (Gustavo)
- Reflection extension:
  . Fixed bug #53366 (Reflection doesnt get dynamic property value from
    getProperty()). (Felipe)
  . Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes
    without constructors). (Johannes)

- SOAP extension:
  . Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
    with SoapClient object). (Dmitry)

- SPL extension:
  . Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe)
  . Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape
    character). (Adam)
  . Fixed bug #53144 (Segfault in SplObjectStorage::removeAll()). (Felipe)
  . Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). (Gustavo)
  . Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe)
  . Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link
    and directory). (Pierre)
  . Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe)
  . Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe)

- SQLite3 extension:
  . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
    (Felipe)
3092

3093
- Streams:
3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106
  . Fixed forward stream seeking emulation in streams that don't support seeking
    in situations where the read operation gives back less data than requested
    and when there was data in the buffer before the emulation started. Also
    made more consistent its behavior -- should return failure every time less
    data than was requested was skipped. (Gustavo)
  . Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
    with streams opened with, inter alia, the 'xb' mode). (Gustavo)
  . Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
    underlying stream does not support seeking). (Gustavo)
  . Fixed bug #52944 (Invalid write on second and subsequent reads with an
    inflate filter fed invalid data). (Gustavo)
  . Fixed bug #52820 (writes to fopencookie FILE* not commited when seeking the
    stream). (Gustavo)
3107

3108 3109 3110
- WDDX extension:
  . Fixed bug #52468 (wddx_deserialize corrupts integer field value when left
    empty). (Felipe)
3111

3112 3113
- Zlib extension:
  . Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)
3114

3115 3116 3117
22 Jul 2010, PHP 5.3.3
- Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
- Upgraded bundled PCRE to version 8.02. (Ilia)
3118

3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138
- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
  numeric strings to integers. (Ilia)
- Added stream_set_read_buffer, allows to set the buffer for read operation.
  (Pierre)
- Added stream filter support to mcrypt extension (ported from
  mcrypt_filter). (Stas)
- Added full_special_chars filter to ext/filter. (Rasmus)
- Added backlog socket context option for stream_socket_server(). (Mike)
- Added fifth parameter to openssl_encrypt()/openssl_decrypt()
  (string $iv) to use non-NULL IV.
  Made implicit use of NULL IV a warning. (Sara)
- Added openssl_cipher_iv_length(). (Sara)
- Added FastCGI Process Manager (FPM) SAPI. (Tony)
- Added recent Windows versions to php_uname and fix undefined windows
  version support. (Pierre)
- Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones)
- Added support for copy to/from array/file for pdo_pgsql extension.
  (Denis Gasparin, Ilia)
- Added inTransaction() method to PDO, with specialized support for Postgres.
  (Ilia, Denis Gasparin)
3139

3140 3141 3142
- Changed namespaced classes so that the ctor can only be named
  __construct now. (Stas)
- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
3143

3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157
- Implemented FR#51295 (SQLite3::busyTimeout not existing). (Mark)
- Implemented FR#35638 (Adding udate to imap_fetch_overview results).
  (Charles_Duffy at dell dot com )
- Rewrote var_export() to use smart_str rather than output buffering, prevents
  data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed possible buffer overflows in mysqlnd_list_fields,  mysqlnd_change_user.
  (Andrey)
- Fixed possible buffer overflows when handling error packets in mysqlnd.
  Reported by Stefan Esser. (Andrey)
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
  (Andrey)
- Fixed a crash when calling an inexistent method of a class that inherits
  PDOStatement if instantiated directly instead of doing by the PDO methods.
  (Felipe)
3158

3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192
- Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre)
- Fixed a possible crash because of recursive GC invocation. (Dmitry)
- Fixed a possible resource destruction issues in shm_put_var().
  Reported by Stefan Esser. (Dmitry)
- Fixed a possible information leak because of interruption of XOR operator.
  Reported by Stefan Esser. (Dmitry)
- Fixed a possible memory corruption because of unexpected call-time pass by
  refernce and following memory clobbering through callbacks.
  Reported by Stefan Esser. (Dmitry)
- Fixed a possible memory corruption in ArrayObject::uasort(). Reported by
  Stefan Esser. (Dmitry)
- Fixed a possible memory corruption in parse_str(). Reported by Stefan Esser.
  (Dmitry)
- Fixed a possible memory corruption in pack(). Reported by Stefan Esser.
  (Dmitry)
- Fixed a possible memory corruption in substr_replace(). Reported by Stefan
  Esser. (Dmitry)
- Fixed a possible memory corruption in addcslashes(). Reported by Stefan
  Esser. (Dmitry)
- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan
  Esser. (Ilia)
- Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser.
  (Pierre)
- Fixed a possible arbitrary memory access inside sqlite extension. Reported
  by Mateusz Kocielski. (Ilia)
- Fixed string format validation inside phar extension. Reported by Stefan
  Esser. (Ilia)
- Fixed handling of session variable serialization on certain prefix
  characters. Reported by Stefan Esser. (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
  requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed the mail.log ini setting when no filename was given. (Johannes)
3193

3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379 3380 3381 3382 3383 3384 3385 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395
- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
  bit)). (Adam)
- Fixed bug #52262 (json_decode() shows no errors on invalid UTF-8).
  (Scott)
- Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes wrong
  results and PHP crashes). (Felipe)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  (Johannes)
- Fixed bug #52193 (converting closure to array yields empty array). (Felipe)
- Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for
  function aliases). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed).
  (Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52138 (Constants are parsed into the ini file for section names).
  (Felipe)
- Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array).
  (Andrey)
- Fixed bug #52101 (dns_get_record() garbage in 'ipv6' field on Windows).
  (Pierre)
- Fixed bug #52082 (character_set_client & character_set_connection reset after
  mysqli_change_user()). (Andrey)
- Fixed bug #52043 (GD doesn't recognize latest libJPEG versions).
  (php at group dot apple dot com, Pierre)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
  from function). (Dmitry)
- Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  (Felipe)
- Fixed bug #52057 (ReflectionClass fails on Closure class). (Felipe)
- Fixed bug #52051 (handling of case sensitivity of old-style constructors
  changed in 5.3+). (Felipe)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
  debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
  (Ilia)
- Fixed bug #52001 (Memory allocation problems after using variable variables).
  (Dmitry)
- Fixed bug #51991 (spl_autoload and *nix support with namespace). (Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
  coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
  constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
  with an access to self::). (Felipe)
- Fixed bug #51899 (Parse error in parse_ini_file() function when empy value
  followed by no newline). (Felipe)
- Fixed bug #51844 (checkdnsrr does not support types other than MX). (Pierre)
- Fixed bug #51827 (Bad warning when register_shutdown_function called with
  wrong num of parameters). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
  variables). (Dmitry)
- Fixed bug #51791 (constant() aborts execution when fail to check undefined
  constant). (Felipe)
- Fixed bug #51732 (Fileinfo __construct or open does not work with NULL).
  (Pierre)
- Fixed bug #51725 (xmlrpc_get_type() returns true on invalid dates). (Mike)
- Fixed bug #51723 (Content-length header is limited to 32bit integer with
  Apache2 on Windows). (Pierre)
- Fixed bug #51721 (mark DOMNodeList and DOMNamedNodeMap as Traversable).
  (David Zuelke)
- Fixed bug #51712 (Test mysql_mysqlnd_read_timeout_long must fail on MySQL4).
  (Andrey)
- Fixed bug #51697 (Unsafe operations in free_storage of SPL iterators,
  causes crash during shutdown). (Etienne)
- Fixed bug #51690 (Phar::setStub looks for case-sensitive
  __HALT_COMPILER()). (Ilia)
- Fixed bug #51688 (ini per dir crashes when invalid document root  are given).
  (Pierre)
- Fixed bug #51671 (imagefill does not work correctly for small images).
  (Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
  after calling nextRowset). (Pierrick)
- Fixed bug #51647 Certificate file without private key (pk in another file)
  doesn't work. (Andrey)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
  (Pierre)
- Fixed bug #51627 (script path not correctly evaluated).
  (russell dot tempero at rightnow dot com)
- Fixed bug #51624 (Crash when calling mysqli_options()). (Felipe)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
  (Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
  literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
  argument). (cbandy at jbandy dot com)
- Fixed bug #51605 (Mysqli - zombie links). (Andrey)
- Fixed bug #51604 (newline in end of header is shown in start of message).
  (Daniel Egeberg)
- Fixed bug #51590 (JSON_ERROR_UTF8 is undefined). (Felipe)
- Fixed bug #51583 (Bus error due to wrong alignment in mysqlnd). (Rainer Jung)
- Fixed bug #51582 (Don't assume UINT64_C it's ever available).
  (reidrac at usebox dot net, Pierre)
- Fixed bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
  (Oracle Corp.)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
  (ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
  issues). (Dmitry)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile
  errors). (Felipe)
- Fixed bug #51424 (crypt() function hangs after 3rd call). (Pierre, Sriram)
- Fixed bug #51394 (Error line reported incorrectly if error handler throws an
  exception). (Stas)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
  timezone). (Adam)
- Fixed bug #51347 (mysqli_close / connection memory leak). (Andrey, Johannes)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
  on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51291 (oci_error doesn't report last error when called two times)
  (Oracle Corp.)
- Fixed bug #51276 (php_load_extension() is missing when HAVE_LIBDL is
  undefined). (Tony)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
  empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51257 (CURL_VERSION_LARGEFILE incorrectly used after libcurl
  version 7.10.1). (aron dot ujvari at microsec dot hu)
- Fixed bug #51242 (Empty mysql.default_port does not default to 3306 anymore,
  but 0). (Adam)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
  alexr at oplot dot com)
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
  (Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
  (Sriram Natarajan)
- Fixed bug #51176 (Static calling in non-static method behaves like $this->).
  (Felipe)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
  an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when
  parsing date strings). (Derick)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
  Jones)
- Fixed bug #51026 (mysqli_ssl_set not working). (Andrey)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
  (Raphael Geissert)
- Fixed bug #50999 (unaligned memory access in dba_fetch()). (Felipe)
- Fixed bug #50976 (Soap headers Authorization not allowed).
  (Brain France, Dmitry)
- Fixed bug #50828 (DOMNotation is not subclass of DOMNode). (Rob)
- Fixed bug #50810 (property_exists does not work for private). (Felipe)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
  if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50731 (Inconsistent namespaces sent to functions registered with
  spl_autoload_register). (Felipe)
- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot
  com, Pierre)
- Fixed bug #50578 (incorrect shebang in phar.phar). (Fedora at FamilleCollet
  dot com)
- Fixed bug #50392 (date_create_from_format enforces 6 digits for 'u' format
  character). (Derick)
- Fixed bug #50383 (Exceptions thrown in __call / __callStatic do not include
  file and line in trace). (Felipe)
- Fixed bug #50358 (Compile failure compiling ext/phar/util.lo). (Felipe)
- Fixed bug #50101 (name clash between global and local variable).
  (patch by yoarvi at gmail dot com)
- Fixed bug #50055 (DateTime::sub() allows 'relative' time modifications).
  (Derick)
- Fixed bug #51002 (fix possible memory corruption with very long names).
  (Pierre)
- Fixed bug #49893 (Crash while creating an instance of Zend_Mail_Storage_Pop3).
  (Dmitry)
- Fixed bug #49819 (STDOUT losing data with posix_isatty()). (Mike)
- Fixed bug #49778 (DateInterval::format("%a") is always zero when an interval
  is created from an ISO string). (Derick)
- Fixed bug #49700 (memory leaks in php_date.c if garbage collector is
  enabled). (Dmitry)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49490 (XPath namespace prefix conflict). (Rob)
- Fixed bug #49429 (odbc_autocommit doesn't work). (Felipe)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49234 (mysqli_ssl_set not found). (Andrey)
- Fixed bug #49216 (Reflection doesn't seem to work properly on MySqli).
  (Andrey)
- Fixed bug #49192 (PHP crashes when GC invoked on COM object). (Stas)
- Fixed bug #49081 (DateTime::diff() mistake if start in January and interval >
  28 days). (Derick)
- Fixed bug #49059 (DateTime::diff() repeats previous sub() operation).
  (yoarvi@gmail.com, Derick)
- Fixed bug #48983 (DomDocument : saveHTMLFile wrong charset). (Rob)
- Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3). (Felipe)
- Fixed bug #48902 (Timezone database fallback map is outdated). (Derick)
- Fixed bug #48781 (Cyclical garbage collector memory leak). (Dmitry)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48361 (SplFileInfo::getPathInfo should return the
  parent dir). (Etienne)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
  (Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #47842 (sscanf() does not support 64-bit values). (Mike)
- Fixed bug #46111 (Some timezone identifiers can not be parsed). (Derick)
- Fixed bug #45808 (stream_socket_enable_crypto() blocks and eats CPU).
  (vincent at optilian dot com)
- Fixed bug #43233 (sasl support for ldap on Windows). (Pierre)
- Fixed bug #35673 (formatOutput does not work with saveHTML). (Rob)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain
  JPEGs). (Ilia)
3396

3397
04 Mar 2010, PHP 5.3.2
3398

3399 3400 3401 3402
- Upgraded bundled sqlite to version 3.6.22. (Ilia)
- Upgraded bundled libmagic to version 5.03. (Mikko)
- Upgraded bundled PCRE to version 8.00. (Scott)
- Updated timezone database to version 2010.3. (Derick)
3403

3404 3405 3406
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Improved crypt support for edge cases (UFC compatibility). (Solar Designer,
  Joey, Pierre)
3407

3408 3409
- Reverted fix for bug #49521 (PDO fetchObject sets values before calling
  constructor). (Pierrick, Johannes)
3410

3411 3412 3413 3414 3415
- Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283
  (David Soria Parra)
- Changed "post_max_size" php.ini directive to allow unlimited post size by
  setting it to 0. (Rasmus)
- Changed tidyNode class to disallow manual node creation. (Pierrick)
3416

3417 3418
- Removed automatic file descriptor unlocking happening on shutdown and/or
  stream close (on all OSes). (Tony, Ilia)
3419

3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439
- Added libpng 1.4.0 support. (Pierre)
- Added support for DISABLE_AUTHENTICATOR for imap_open. (Pierre)
- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
  (Ilia)
- Added stream_resolve_include_path(). (Mikko)
- Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
- Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
- Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
- Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
- Added protection for $_SESSION from interrupt corruption and improved
  "session.save_path" check. (Stas)
- Added LIBXML_PARSEHUGE constant to override the maximum text size of a
  single text node when using libxml2.7.3+. (Kalle)
- Added ReflectionMethod::setAccessible() for invoking non-public methods
  through the Reflection API. (Sebastian)
- Added Collator::getSortKey for intl extension. (Stas)
- Added support for CURLOPT_POSTREDIR. FR #49571. (Sriram Natarajan)
- Added support for CURLOPT_CERTINFO. FR #49253.
  (Linus Nielsen Feltzing <linus@haxx.se>)
- Added client-side server name indication support in openssl. (Arnaud)
3440

3441
- Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)
3442

3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464
- Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
- Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
- Fixed error_log() to be binary safe when using message_type 3. (Jani)
- Fixed unnecessary invocation of setitimer when timeouts have been disabled.
  (Arvind Srinivasan)
- Fixed memory leak in extension loading when an error occurs on Windows.
  (Pierre)
- Fixed safe_mode validation inside tempnam() when the directory path does
  not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
  identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.
  (Pierre)
- Fixed possible bad behavior of rename on windows when used with symbolic
  links or invalid paths. (Pierre)
- Fixed error output to stderr on Windows. (Pierre)
- Fixed memory leaks in is_writable/readable/etc on Windows. (Pierre)
- Fixed memory leaks in the ACL function on Windows. (Pierre)
- Fixed memory leak in the realpath cache on Windows. (Pierre)
- Fixed memory leak in zip_close. (Pierre)
- Fixed crypt's blowfish sanity check of the "setting" string, to reject
  iteration counts encoded as 36 through 39. (Solar Designer, Joey, Pierre)
3465

3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 3538 3539 3540 3541 3542 3543 3544 3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632
- Fixed bug #51059 (crypt crashes when invalid salt are given). (Pierre)
- Fixed bug #50952 (allow underscore _ in constants parsed in php.ini files).
  (Jani)
- Fixed bug #50940 (Custom content-length set incorrectly in Apache SAPIs).
  (Brian France, Rasmus)
- Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc
  versions). (Derick)
- Fixed bug #50907 (X-PHP-Originating-Script adding two new lines in *NIX).
  (Ilia)
- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation).
  (Ilia, hanno at hboeck dot de)
- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes
  long). (Ilia)
- Fixed bug #50829 (php.ini directive pdo_mysql.default_socket is ignored).
  (Ilia)
- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP
  authentication). (Jani)
- Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams).
  (vnegrier at optilian dot com, Ilia)
- Fixed bug #50761 (system.multiCall crashes in xmlrpc extension).
  (hiroaki dot kawai at gmail dot com, Ilia)
- Fixed bug #50756 (CURLOPT_FTP_SKIP_PASV_IP does not exist). (Sriram)
- Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
- Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0).
  (Joey, Ilia)
- Fixed bug #50723 (Bug in garbage collector causes crash). (Dmitry)
- Fixed bug #50690 (putenv does not set ENV when the value is only one char).
  (Pierre)
- Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia)
- Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
- Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but
  returns false). (Ilia)
- Fixed bug #50636 (MySQLi_Result sets values before calling constructor).
  (Pierrick)
- Fixed bug #50632 (filter_input() does not return default value if the
  variable does not exist). (Ilia)
- Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
- Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
- Fixed bug #50540 (Crash while running ldap_next_reference test cases).
  (Sriram)
- Fixed bug #50519 (segfault in garbage collection when using set_error_handler
  and DomDocument). (Dmitry)
- Fixed bug #50508 (compile failure: Conflicting HEADER type declarations).
  (Jani)
- Fixed bug #50496 (Use of <stdbool.h> is valid only in a c99 compilation
  environment. (Sriram)
- Fixed bug #50464 (declare encoding doesn't work within an included file).
  (Felipe)
- Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
- Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes
  seg fault). (davbrown4 at yahoo dot com, Felipe)
- Fixed bug #50416 (PROCEDURE db.myproc can't return a result set in the given
  context). (Andrey)
- Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
- Fixed bug #50351 (performance regression handling objects, ten times slower
  in 5.3 than in 5.2). (Dmitry)
- Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u'
  format character). (Ilia)
- Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
  (Jani)
- Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
- Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
- Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN).
  (Ilia, Pierrick)
- Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays).
  (Felipe)
- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in
  calling function). (Felipe)
- Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
- Fixed bug #50266 (conflicting types for llabs). (Jani)
- Fixed bug #50261 (Crash When Calling Parent Constructor with
  call_user_func()). (Dmitry)
- Fixed bug #50255 (isset() and empty() silently casts array to object).
  (Felipe)
- Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used
  if it is empty). (foutrelis at gmail dot com, Ilia)
- Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when
  mysqlnd is enabled). (Jani)
- Fixed bug #50219 (soap call Segmentation fault on a redirected url).
  (Pierrick)
- Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT).
  (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
- Fixed bug #50209 (Compiling with libedit cannot find readline.h).
  (tcallawa at redhat dot com)
- Fixed bug #50207 (segmentation fault when concatenating very large strings on
  64bit linux). (Ilia)
- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is
  not file). (Stas)
- Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
- Fixed bug #50185 (ldap_get_entries() return false instead of an empty array
  when there is no error). (Jani)
- Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
- Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to
  non-existant file). (Dmitry)
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
  database). (Felipe)
- Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
- Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses
  containing = or ?). (Pierrick)
- Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not
  property_exists). (Felipe)
- Fixed bug #50146 (property_exists: Closure object cannot have properties).
  (Felipe)
- Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
- Fixed bug #50140 (With default compilation option, php symbols are unresolved
  for nsapi). (Uwe Schindler)
- Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
- Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
- Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
- Fixed bug #50005 (Throwing through Reflection modified Exception object
  makes segmentation fault). (Felipe)
- Fixed bug #49990 (SNMP3 warning message about security level printed twice).
  (Jani)
- Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted
  transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
- Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
- Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()).
  (Pierrick)
- Fixed bug #49921 (Curl post upload functions changed). (Ilia)
- Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
- Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia,
  sjoerd at php dot net)
- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers).
  (Ilia)
- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
  (Ilia, wmeler at wp-sa dot pl)
- Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private
  property in base class). (Felipe)
- Fixed bug #49677 (ini parser crashes with apache2 and using ${something}
  ini variables). (Jani)
- Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
- Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
  (Derick, Adam)
- Fixed bug #49560 (oci8: using LOBs causes slow PHP shutdown). (Oracle Corp.)
- Fixed bug #49521 (PDO fetchObject sets values before calling constructor).
  (Pierrick)
- Fixed bug #49472 (Constants defined in Interfaces can be overridden).
  (Felipe)
- Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
- Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
- Fixed bug #49224 (Compile error due to old DNS functions on AIX systems).
  (Scott)
- Fixed bug #49174 (crash when extending PDOStatement and trying to set
  queryString property). (Felipe)
- Fixed bug #48811 (Directives in PATH section do not get applied to
  subdirectories). (Patch by: ct at swin dot edu dot au)
- Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
  in HTTP uploads). (Ilia)
- Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
- Fixed bug #47409 (extract() problem with array containing word "this").
  (Ilia, chrisstocktonaz at gmail dot com)
- Fixed bug #47281 ($php_errormsg is limited in size of characters)
  (Oracle Corp.)
- Fixed bug #46478 (htmlentities() uses obsolete mapping table for character
  entity references). (Moriyoshi)
- Fixed bug #45599 (strip_tags() truncates rest of string with invalid
  attribute). (Ilia, hradtke)
- Fixed bug #45120 (PDOStatement->execute() returns true then false for same
  statement). (Pierrick)
- Fixed bug #44827 (define() allows :: in constant names). (Ilia)
- Fixed bug #44098 (imap_utf8() returns only capital letters).
  (steffen at dislabs dot de, Pierre)
- Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc
  driver). (tim dot tassonis at trivadis dot com)
3633

3634 3635 3636
19 Nov 2009, PHP 5.3.1
- Upgraded bundled sqlite to version 3.6.19. (Scott)
- Updated timezone database to version 2009.17 (2009q). (Derick)
3637