PHP 8.5.0: Downloads, Changelog, News

Release Information

Release: 8.5.0
PHP Version: PHP 8.5
Release Date: 2025 Nov 20
Release Type: Bug Fix Release
Release Status: Latest
Branch Status: Supported (Latest)

Latest PHP release in the latest version.
PHP 8.5 continues to receive bug fixes and security fixes until 2027-12-31.

PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds

Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.

php-8.5.0-x64NTS.zip

Size: 32.96 MiB SHA256: 8c4459a13687686b910e72d0322c34dcc8df4f54acf94a6d2361af24cf6a0bd0

php-8.5.0-x86NTS.zip

Size: 29.46 MiB SHA256: 4b260762685f88ad5cdf12c3d6adf3802673a567f042e6f025a47073b7fc10e9

Thread-Safe Builds

Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

php-8.5.0-x64TS.zip

Size: 33.09 MiB SHA256: 1d75a68524f788544cb66e36378ea468ef5f9e3627ef44d8b1869b6ffa72c3d2

php-8.5.0-x86TS.zip

Size: 29.47 MiB SHA256: 38ef44af41c63561356434c0e8e2b48b49dc6a829c9d7746cc9806fb903d004c

Docker/Podman Containers

PHP CLI

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:8.5.0-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.

docker pull php:8.5.0-cli

PHP CLI + Web Server Integration

These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:8.5.0-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.

docker pull php:8.5.0-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.

docker pull php:8.5.0-fpm

ChangeLog

Core

Added the #[\NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
Added the (void) cast to indicate that not using a value is intentional.
Added get_error_handler(), get_exception_handler() functions.
Added support for casts in constant expressions.
Added the pipe (|>) operator.
Added support for final with constructor property promotion.
Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Added PHP_BUILD_PROVIDER constant.
Added PHP_BUILD_DATE constant.
Added support for Closures and first class callables in constant expressions.
Add support for backtraces for fatal errors.
Add clone-with support to the clone() function.
Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation
Fixed AST printing for immediately invoked Closure.
Properly handle __debugInfo() returning an array reference.
Properly handle reference return value from __toString().
Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
Fixed bug GH-15753 and GH-16198 (Bind traits before parent class).
Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
Fixed bug GH-19352 (Cross-compilation with musl C library).
Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when using OPcache).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-19719 (Allow empty statements before declare(strict_types)).
Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Fixed bug GH-19476 (pipe operator fails to correctly handle returning by reference).
Fixed bug GH-19081 (Wrong lineno in property error with constructor property promotion).
Fixed bug GH-17959 (Relax missing trait fatal error to error exception).
Fixed bug GH-18033 (NULL-ptr dereference when using register_tick_function in destructor).
Fixed bug GH-18026 (Improve "expecting token" error for ampersand).
The report_memleaks INI directive has been deprecated.
Fixed OSS-Fuzz #439125710 (Pipe cannot be used in write context).
Fixed bug GH-19548 (Shared memory violation on property inheritance).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-18373 (Don't substitute self/parent with anonymous class).
Fix support for non-userland stream notifiers.
Fixed bug GH-19305 (Operands may be being released during comparison).
Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
Fix OSS-Fuzz #427814452 (pipe compilation fails with assert).
Fixed bug GH-16665 (\array and \callable should not be usable in class_alias).
Use clock_gettime_nsec_np() for high resolution timer on macOS if available.
Make clone() a function.
Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 on x86_64 or aarch64.
Enacted the follow-up phase of the "Path to Saner Increment/Decrement operators" RFC, meaning that incrementing non-numeric strings is now deprecated.
Various closure binding issues are now deprecated.
Constant redeclaration has been deprecated.
Marks the stack as non-executable on Haiku.
Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string is now deprecated.
Using null as an array offset or when calling array_key_exists() is now deprecated.
The disable_classes INI directive has been removed.
The locally predefined variable $http_response_header is deprecated.
Non-canonical cast names (boolean), (integer), (double), and (binary) have been deprecated.
The $exclude_disabled parameter of the get_defined_functions() function has been deprecated, as it no longer has any effect since PHP 8.0.
Terminating case statements with a semicolon instead of a colon has been deprecated.
The backtick operator as an alias for shell_exec() has been deprecated.
Returning null from __debugInfo() has been deprecated.
Support #[\Override] on properties.
Destructing non-array values (other than NULL) using [] or list() now emits a warning.
Casting floats that are not representable as ints now emits a warning.
Casting NAN to other types now emits a warning.
Implement GH-15680 (Enhance zend_dump_op_array to properly represent non-printable characters in string literals).
Fixed bug GH-17442 (Engine UAF with reference assign and dtor).
Do not use RTLD_DEEPBIND if dlmopen is available.

BCMath

Simplify bc_divide() code.
If the result is 0, n_scale is set to 0.
If size of BC_VECTOR array is within 64 bytes, stack area is now used.
Fixed bug GH-20006 (Power of 0 of BcMath number causes UB).

Bz2

Fixed bug GH-19810 (Broken bzopen() stream mode validation).

CLI

Add --ini=diff to print INI settings changed from the builtin default.
Drop support for -z CLI/CGI flag.
Fixed GH-17956 - development server 404 page does not adapt to mobiles.
Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).

COM

Fixed property access of PHP objects wrapped in variant.
Fixed method calls for PHP objects wrapped in variant.

Curl

Added CURLFOLLOW_ALL, CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option.
Added curl_multi_get_handles().
Added curl_share_init_persistent().
Added CURLINFO_USED_PROXY, CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED support to curl_getinfo.
Add support for CURLINFO_CONN_ID in curl_getinfo()
Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo()
Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS.
The curl_close() function has been deprecated.
The curl_share_close() function has been deprecated.
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.

Date

Fix undefined behaviour problems regarding integer overflow in extreme edge cases.
The DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been deprecated.
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
The __wakeup() magic method of DateTimeInterface, DateTime, DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been deprecated in favour of the __unserialize() magic method.

DOM

Added Dom\Element::$outerHTML.
Added Dom\Element::insertAdjacentHTML().
Added $children property to ParentNode implementations.
Make cloning DOM node lists, maps, and collections fail.
Added Dom\Element::getElementsByClassName().
Fixed bug GH-18877 (\Dom\HTMLDocument querySelectorAll selecting only the first when using ~ and :has).
Fix getNamedItemNS() incorrect namespace check.

Enchant

Added enchant_dict_remove_from_session().
Added enchant_dict_remove().
Fix missing empty string checks.

EXIF

Add OffsetTime* Exif tags.
Added support to retrieve Exif from HEIF file.
Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop).
Fix OSS-Fuzz #442954659 (Crash in exif_scan_HEIF_header).
Various hardening fixes to HEIF parsing.

FileInfo

The finfo_close() function has been deprecated.
The $context parameter of the finfo_buffer() function has been deprecated as it is ignored.
Upgrade to file 5.46.
Change return type of finfo_close() to true.

Filter

Added support for configuring the URI parser for FILTER_VALIDATE_URL as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Fixed bug GH-16993 (filter_var_array with FILTER_VALIDATE_INT|FILTER_NULL_ON_FAILURE should emit warning for invalid filter usage).

FPM

Fixed bug GH-19817 (Decode SCRIPT_FILENAME issue in php 8.5).
Fixed bug GH-19989 (PHP 8.5 FPM access log lines also go to STDERR).
Fixed GH-17645 (FPM with httpd ProxyPass does not decode script path).
Make FPM access log limit configurable using log_limit.
Fixed failed debug assertion when php_admin_value setting fails.
Fixed GH-8157 (post_max_size evaluates .user.ini too late in php-fpm).

GD

Fixed bug #68629 (Transparent artifacts when using imagerotate).
Fixed bug #64823 (ZTS GD fails to find system TrueType font).
Fix incorrect comparison with result of php_stream_can_cast().
The imagedestroy() function has been deprecated.

Iconv

Extends the ICONV_CONST preprocessor for illumos/solaris.

Intl

Bumped ICU requirement to ICU >= 57.1.
IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an exception with uninitialised classes or clone failure.
Added DECIMAL_COMPACT_SHORT/DECIMAL_COMPACT_LONG for NumberFormatter class.
Added Locale::isRightToLeft to check if a locale is written right to left.
Added null bytes presence in locale inputs for Locale class.
Added grapheme_levenshtein() function.
Added Locale::addLikelySubtags/Locale::minimizeSubtags to handle adding/removing likely subtags to a locale.
Added IntlListFormatter class to format a list of items with a locale, operands types and units.
Added grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), grapheme_strripos(), grapheme_substr(), grapheme_strstr(), grapheme_stristr() and grapheme_levenshtein() functions add $locale parameter
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Fixed bug GH-18566 ([intl] Weird numeric sort in Collator).
Fix return value on failure for resourcebundle count handler.
Fixed bug GH-19307 (PGO builds of shared ext-intl are broken).
Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a IntlException now.
The intl.error_level INI setting has been deprecated.

LDAP

Allow ldap_get_option to retrieve global option by allowing NULL for connection instance ($ldap).

MBstring

Updated Unicode data tables to Unicode 17.0.

MySQLi

Fixed bugs GH-17900 and GH-8084 (calling mysqli::__construct twice).
The mysqli_execute() alias function has been deprecated.

MySQLnd

Added mysqlnd.collect_memory_statistics to ini quick reference.

ODBC

Removed driver-specific build flags and support.
Remove ODBCVER and assume ODBC 3.5.

Opcache

Make OPcache non-optional
Added opcache.file_cache_read_only.
Updated default value of opcache.jit_hot_loop.
Log a warning when opcache lock file permissions could not be changed.
Fixed bug GH-20012 (heap buffer overflow in jit).
Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments).
Disallow changing opcache.memory_consumption when SHM is already set up.
Fixed bug GH-15074 (Compiling opcache statically into ZTS PHP fails).
Fixed bug GH-17422 (OPcache bypasses the user-defined error handler for deprecations).
Fixed bug GH-19301 (opcache build failure).
Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess).
Fixed segfault in function JIT due to NAN to bool warning.
Fixed bug GH-19984 (Double-free of EG(errors)/persistent_script->warnings on persist of already persisted file).
Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).
Fixed bug GH-19486 (Incorrect opline after deoptimization).
Fixed bug GH-19601 (Wrong JIT stack setup on aarch64/clang).
Fixed bug GH-19388 (Broken opcache.huge_code_pages).
Fixed bug GH-19657 (Build fails on non-glibc/musl/freebsd/macos/win platforms).
Fixed ZTS OPcache build on Cygwin.
Fixed bug GH-19493 (JIT variable not stored before YIELD).

OpenSSL

Added openssl.libctx INI that allows to select the OpenSSL library context type and convert various parts of the extension to use the custom libctx.
Add $digest_algo parameter to openssl_public_encrypt() and openssl_private_decrypt() functions.
Implement #81724 (openssl_cms_encrypt only allows specific ciphers).
Implement #80495 (Enable to set padding in openssl_(sign|verify).
Implement #47728 (openssl_pkcs7_sign ignores new openssl flags).
Fixed bug GH-19994 (openssl_get_cipher_methods inconsistent with fetching).
Fixed build when --with-openssl-legacy-provider set.
Fixed bug GH-19369 (8.5 | Regression in openssl_sign() - support for alias algorithms appears to be broken).
The $key_length parameter for openssl_pkey_derive() has been deprecated.

Output

Fixed calculation of aligned buffer size.

PCNTL

Extend pcntl_waitid with rusage parameter.

PCRE

Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options.

PDO

Fixed bug GH-20095 (Incorrect class name in deprecation message for PDO mixins).
Driver specific methods and constants in the PDO class are now deprecated.
The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs.

PDO_ODBC

Fetch larger block sizes and better handle SQL_NO_TOTAL when calling SQLGetData.

PDO_PGSQL

Added Iterable support for PDO::pgsqlCopyFromArray.
Implement GH-15387 Pdo\Pgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or Pdo\Pgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy instead of storing the whole result set in memory

PDO_SQLITE

Add PDO`Sqlite::ATTR_TRANSACTION_MODE` connection attribute.
Implement GH-17321: Add setAuthorizer to Pdo\Sqlite.
PDO::sqliteCreateCollation now throws a TypeError if the callback has a wrong return type.
Added Pdo_Sqlite::ATTR_BUSY_STATEMENT constant to check if a statement is currently executing.
Added Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT constant to set a statement in either EXPLAIN_MODE_PREPARED, EXPLAIN_MODE_EXPLAIN, EXPLAIN_MODE_EXPLAIN_QUERY_PLAN modes.
Fix bug GH-13952 (sqlite PDO::quote silently corrupts strings with null bytes) by throwing on null bytes.

PGSQL

Added pg_close_stmt to close a prepared statement while allowing its name to be reused.
Added Iterable support for pgsql_copy_from.
pg_connect checks if connection_string contains any null byte, pg_close_stmt check if the statement contains any null byte.
Added pg_service to get the connection current service identifier.
Fix segfaults when attempting to fetch row into a non-instantiable class name.

Phar

Fix potential buffer length truncation due to usage of type int instead of type size_t.
Fixed memory leaks when verifying OpenSSL signature.

POSIX

Added POSIX_SC_OPEN_MAX constant to get the number of file descriptors a process can handle.
posix_ttyname() sets last_error to EBADF on invalid file descriptors, posix_isatty() raises E_WARNING on invalid file descriptors, posix_fpathconf checks invalid file descriptors.
posix_kill and posix_setpgid throws a ValueError on invalid process_id.
posix_setpgid throws a ValueError on invalid process_group_id, posix_setrlimit throws a ValueError on invalid soft_limit and hard_limit arguments.

Random

Moves from /dev/urandom usage to arc4random_buf on Haiku.

Reflection

Added ReflectionConstant::getExtension() and ::getExtensionName().
Added ReflectionProperty::getMangledName() method.
ReflectionConstant is no longer final.
The setAccessible() methods of various Reflection objects have been deprecated, as those no longer have an effect.
ReflectionClass::getConstant() for constants that do not exist has been deprecated.
ReflectionProperty::getDefaultValue() for properties without default values has been deprecated.
Fixed bug GH-12856 (ReflectionClass::getStaticPropertyValue() returns UNDEF zval for uninitialized typed properties).
Fixed bug GH-15766 (ReflectionClass::__toString() should have better output for enums).
Fix GH-19691 (getModifierNames() not reporting asymmetric visibility).
Fixed bug GH-17927 (Reflection: have some indication of property hooks in _property_string()).
Fixed bug GH-19187 (ReflectionNamedType::getName() prints nullable type when retrieved from ReflectionProperty::getSettableType()).
Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true for classes with property hooks).

SAPI

Fixed bug GH-18582 and #81451: http_response_code() does not override the status code generated by header().

Session

session_start() throws a ValueError on option argument if not a hashmap or a TypeError if read_and_close value is not compatible with int.
Added support for partitioned cookies.
Fix RC violation of session SID constant deprecation attribute.
Fixed GH-19197: build broken with ZEND_STRL usage with memcpy when implemented as macro.

SimpleXML

Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return types than node lists).

SNMP

snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw an exception on invalid hostname, community timeout and retries arguments.

SOAP

Added support for configuring the URI parser for SoapClient::__doRequest() as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
Implement request #55503 (Extend __getTypes to support enumerations).
Implement request #61105 (Support Soap 1.2 SoapFault Reason Text lang attribute).
Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action" header is correct).
Fix namespace handling of WSDL and XML schema in SOAP, fixing at least GH-16320 and bug #68576.
Fixed bug #70951 (Segmentation fault on invalid WSDL cache).
Fixed bug GH-19773 (SIGSEGV due to uninitialized soap_globals->lang_en).
Fixed bug GH-19226 (Segfault when spawning new thread in soap extension).

Sockets

Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage.
Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD.
Added IP_BINDANY for a socket to bind to any address.
Added SO_BUSY_POOL to reduce packets poll latency.
Added UDP_SEGMENT support to optimise multiple large datagrams over UDP if the kernel and hardware supports it.
Added SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown().
Added TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM, TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants.
socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO with timeout setting on windows.
socket_create_listen() throws an exception on invalid port value.
socket_bind() throws an exception on invalid port value.
socket_sendto() throws an exception on invalid port value.
socket_addrinfo_lookup throws an exception on invalid hints value types.
socket_addrinfo_lookup throws an exception if any of the hints value overflows.
socket_addrinfo_lookup throws an exception if one or more hints entries has an index as numeric.
socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP will throw an exception if its value is not a valid array/object.
socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket.
socket_set_option for multicast context throws a ValueError when the socket family is not of AF_INET/AF_INET6 family.

Sodium

Fix overall theoretical overflows on zend_string buffer allocations. (David Carlier/nielsdos)

SPL

Fixed bug GH-20101 (SplHeap/SplPriorityQueue serialization exposes INDIRECTs).
Improve __unserialize() hardening for SplHeap/SplPriorityQueue.
Deprecate ArrayObject and ArrayIterator with objects.
Unregistering all autoloaders by passing the spl_autoload_call() function as a callback argument to spl_autoload_unregister() has been deprecated. Instead if this is needed, one should iterate over the return value of spl_autoload_functions() and call spl_autoload_unregister() on each value.
The SplObjectStorage::contains(), SplObjectStorage::attach(), and SplObjectStorage::detach() methods have been deprecated in favour of SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and SplObjectStorage::offsetUnset() respectively.

Sqlite

Added Sqlite3Stmt::busy to check if a statement is still being executed.
Added Sqlite3Stmt::explain to produce an explain query plan from the statement.
Added Sqlite3Result::fetchAll to return all results at once from a query.

Standard

Add HEIF/HEIC support to getimagesize.
Added support for partitioned cookies.
Implement #71517 (Implement SVG support for getimagesize() and friends).
Implement GH-19188: Add support for new INI mail.cr_lf_mode.
Optimized PHP html_entity_decode function.
Minor optimization to array_chunk().
Optimized pack().
Fixed crypt() tests on musl when using --with-external-libcrypt
Fixed bug GH-18062 (is_callable(func(...), callable_name: $name) for first class callables returns wrong name).
Added array_first() and array_last().
Fixed bug GH-18823 (setlocale's 2nd and 3rd argument ignores strict_types).
Fixed exit code handling of sendmail cmd and added warnings.
Fixed bug GH-18897 (printf: empty precision is interpreted as precision 6, not as precision 0).
Fixed bug GH-20257 (mail() heap overflow with an empty message in lf mode).
Fixed bug GH-20201 (AVIF images misdetected as HEIF after introducing HEIF support in getimagesize()).
Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their data on serialize()).
Fixed GH-19610 (Deprecation warnings in functions taking as argument).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Fixed bug GH-19153 (#[\Attribute] validation should error on trait/interface/enum/abstract class).
Fixed bug GH-19070 (setlocale($type, NULL) should not be deprecated).
Fixed bug GH-16649 (UAF during array_splice).
Passing strings which are not one byte long to ord() is now deprecated.
Passing integers outside the interval [0, 255] to chr() is now deprecated.
The socket_set_timeout() alias function has been deprecated.
Passing null to readdir(), rewinddir(), and closedir() to use the last opened directory has been deprecated.

Streams

Fixed bug GH-16889 (stream_select() timeout useless for pipes on Windows).
Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64.
Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler causes heap corruption).
Avoid double conversion to string in php_userstreamop_readdir().

Tests

Allow to shuffle tests even in non-parallel mode.

Tidy

tidy::__construct/parseFile/parseString methods throw an exception if the configuration argument is invalid.
Fixed GH-19021 (improved tidyOptGetCategory detection).

Tokenizer

Fixed bug GH-19507 (Corrupted result after recursive tokenization during token_get_all()).

Windows

Fixed bug GH-10992 (Improper long path support for relative paths).
Fixed bug GH-16843 (Windows phpize builds ignore source subfolders).
Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).

XML

The xml_parser_free() function has been deprecated.

XMLWriter

Improved performance and reduce memory consumption.

XSL

Implement request GH-30622 (make $namespace parameter functional).

Zlib

gzfile, gzopen and readgzfile, their "use_include_path" argument is now a boolean.
Fixed bug GH-16883 (gzopen() does not use the default stream context when opening HTTP URLs).
Implemented GH-17668 (zlib streams should support locking).

Zip

Fixed missing zend_release_fcall_info_cache on the following methods ZipArchive::registerProgressCallback() and ZipArchive::registerCancelCallback() on failure.