Release Information
- Release Type
- Bug Fix Release
- Release Status
- QA Release Latest
- Branch Status
- Upcoming Release
PHP 8.6 is a development version, and is not recommended for production use. This is the latest QA release in the series.
Downloads
Source Code
Git Clone
Use Git to clone the 8.6.0alpha1 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.6.0alpha1How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
./buildconf), configuring the build ./configure, and running make.Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.
Docker/Podman Containers
PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.6.0alpha1-cli-alpineDebian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.6.0alpha1-cliPHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.
Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.6.0alpha1-fpm-alpineDebian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.6.0alpha1-apacheDebian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.6.0alpha1-fpmChangeLog
Core
- Added first-class callable cache to share instances for the duration of the request.
- It is now possible to use reference assign on WeakMap without the key needing to be present beforehand.
- Added
clamp(). - Fix OSS-Fuzz #429429090 (Failed assertion on
unset()with uninitialized container). - Fixed GH-20564 (Don't call autoloaders with pending exception).
- Fix deprecation now showing when accessing null key of an array with JIT.
- Fixed bug GH-20174 (Assertion failure in
ReflectionProperty::skipLazyInitializationafter failed LazyProxy initialization). - Enabled the TAILCALL VM on Windows when compiling with Clang >= 19 x86_64.
- Deprecate specifying a nullable return type for
__debugInfo(). - Fixed bug GH-22142 (Assertion failure in
zendi_try_get_long()on IS_UNDEF). - Fixed bug GH-22046 (The unserialize function can lead to segfault when non-Serializable internal classes are serialized back with the C format).
- Fixed bug GH-22292 (AST pretty printing does not correctly handle invalid variable names).
- Fixed bug GH-22291 (AST pretty printing does not correctly handle braces in string interpolation).
- Fixed bug GH-22373 (AST pretty-printing drops meaningful parentheses surrounding property access).
- Fixed GH-22422 (
zend_arenalayout mismatch leaked memory in separately built extensions under AddressSanitizer). - TSRM: use local-exec TLS in PIE executables.
- perf: make all static extensions use TSRMG_STATIC.
- Fixed bug GH-22257 (type confusion in
Exception::getTraceAsString()). - TSRM: make CG, EG, SCNG and AG compile-time offsets.
- Deprecate returning values from
__construct()and__destruct().
BCMath
- Added NUL-byte validation to BCMath functions.
BZ2
- Reject oversized input in bzdecompress().
Curl
- Add support for
CURLINFO_SIZE_DELIVERED(libcurl >= 8.20.0).
Date
- Update timelib to 2022.16.
DOM
- Removed LIBXML_XINCLUDE from valid options for XMLDocument, as it was a no-op.
- Readonly DOM properties are now declared with asymmetric visibility (public private(set)).
ReflectionProperty::isWritable()reports them correctly, and external writes raise "Cannot modify private(set) property" instead of the previous readonly modification error. - Fixed Dom\Notation nodes missing tree connection, so that ownerDocument, parentNode, isConnected and baseURI now return correct values, and textContent returns NULL per the DOM specification.
EXIF
- Added support for reading EXIF metadata from WebP images (GH-19904).
Fileinfo
- Fixed bug GH-20679 (
finfo_file()doesn't work on remote resources). - Fixed bug #66095 (Hide libmagic dynamic symbols).
GD
- imagesetstyle()/imagefilter()/
imagecrop()check array argument entries types.
GMP
gmp_fact()reject values larger than unsigned long.- gmp_pow/binomial/root/rootrem and shift/pow operators reject values larger than unsigned long.
- GMP exponentiation and shift operators now emit a deprecation warning when converting a float right operand to int loses precision.
Hash
- Upgrade xxHash to 0.8.2.
Intl
- Fixed malformed
ResourceBundle::get()error message when fallback is disabled. - Added
Locale::getDisplayKeyword()andLocale::getDisplayKeywordValue(), with the alias oflocale_get_display_keyword()andlocale_get_display_keyword_value()respectively. - Fix incorrect argument positions for invalid start/end arguments in
transliterator_transliterate(). - Fixed
IntlTimeZone::getDisplayName()to synchronize object error state for invalid display types. - Fixed
Locale::lookup()andlocale_lookup()to return NULL instead of the fallback locale when a language tag cannot be canonicalized. - Added IntlNumberRangeFormatter class to format an interval of two numbers with a given skeleton, locale, collapse type and identity fallback.
- Fixed bug GH-20426 (
Spoofchecker::setRestrictionLevel()error message suggests missing constants). - Added
grapheme_strrev - Passing a non-stringable object as a time zone to Intl time zone argument handling now raises TypeError instead of Error.
IntlBreakIterator::getLocale()now raises ValueError for invalid locale types.- Fixed
MessageFormatter::parse()and parseMessage() returningPHP_INT_MINas float rather than int on 64-bit platforms. - Fixed
UConverter::transcode()silently truncating from_subst and to_subst option lengths greater than 127 bytes. - Fixed
IntlIterator::current()to return NULL instead of an undefined value when the iterator is not positioned on a valid element.
IO
- Added new polling API.
JSON
- Enriched JSON last error / exception message with error location.
Fibers
- Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
- Fixed bug GH-20862 (null pointer dereference in
php_mail_detect_multiple_crlfvia error_log
Mbstring
ini_set()with mbstring.detect_order changes the order ofmb_detect_orderas intended, since mbstring.detect_order is an INI_ALL setting.- Added GB18030-2022 to default encoding list for zh-CN.
- Fixed bug GH-20836 (Stack overflow in
mb_convert_variableswith recursive array references). - Fixed bug GH-21223;
mb_guess_encodingno longer crashes when passed huge list of candidate encodings (with 200,000+ entries). - mbregex has been deprecated.
Mysqli
- Added
mysqli_quote_string()andmysqli::quote_string().
Opcache
- Fixed bug GH-20051 (apache2 shutdowns when restart is requested during preloading).
OpenSSL
- Added AES-SIV support.
- Implemented GH-20310 (No critical extension indication in
openssl_x509_parse()output). - Added TLS session resumption support for streams with new context options and Openssl\Session class.
- Added TLS external PSK support for streams with new context options and Openssl\Psk class.
- Added stream crypto status for exposing OpenSSL WANT_READ / WANT_WRITE.
PCNTL
pcntl_exec()now throws a ValueError if the$argsarray is not a list array.
PDO_DBLIB
- Added dblib_handle_check_liveness handler.
PDO_PGSQL
- Clear session-local state disconnect-equivalent processing.
PGSQL
- Enabled 64 bits support for pg_lo_truncate()/
pg_lo_tell()if the server supports it. pg_fetch_object()now surfaces non-instantiable class errors before fetching, resolves the constructor via the get_constructor handler, and reports the empty-constructor ValueError on the$constructor_argsargument.
Phar
- Support reference values in
Phar::mungServer(). - Invalid values now throw in
Phar::mungServer()instead of being silently ignored. - Fixed a bypass of the magic ".phar" directory protection in
Phar::addEmptyDir()for paths starting with "/.phar". - Fixed an integer underflow when parsing ZIP extra fields.
Phar::addEmptyDir()now allows non-magic directory names that merely share the ".phar" prefix.- Support overridden methods in SplFileInfo for getMTime() and getPathname() when building a phar.
- Mark
Phar::buildFromIterator()base directory argument as a path.
Posix
- Added validity check to the flags argument for
posix_access().
Reflection
- Fixed bug GH-20217 (
ReflectionClass::isIterable()incorrectly returns true for classes with property hooks). - Added
ReflectionConstant::inNamespace(). - Added
ReflectionProperty::isReadable()and ::isWritable(). - Fixed bug GH-21362 (ReflectionMethod::invoke/invokeArgs() did not verify Closure instance identity for
Closure::__invoke()). - Added
ReflectionParameter::getDocComment().
Session
- Fixed bug 71162 (updateTimestamp never called when session data is empty).
- Null bytes in
session.cookie_path,session.cookie_domain, andsession.cache_limiter are now rejected with a warning. session.cookie_samesite now rejects invalid values with a warning; only "Strict", "Lax", "None", or "" are accepted.session.cookie_lifetime now rejects non-integer and out-of-range values with a warning.- Session file GC now recursively cleans nested subdirectories when session.save_path uses the dirdepth prefix.
- Changed defaults of session.use_strict_mode (now 1),
session.cookie_httponly (now 1) andsession.cookie_samesite (now "Lax").
Shmop
- Fixed bug GH-9945 (
shmop_open()silently truncates keys outside the key_t range).
Soap
Soap::__setCookie()when cookie name is a digit is now not stored and represented as a string anymore but a int.- Fixed bug GH-21421 (SoapClient typemap property breaks engine assumptions).
- WSDL/XML Schema parsing now rejects out-of-range integer values for occurrence constraints and integer restriction facets. Negative minOccurs and maxOccurs values are rejected as well.
Sockets
- Added the
TCP_USER_TIMEOUTconstant for Linux to set the maximum time in milliseconds transmitted data can remain unacknowledged. - Added AF_UNSPEC support for
sock_addrinfo_lookup()as a sole umbrella for AF_INET* family only. - Fixed GH-20532 (
socket_addrinfo_lookupgives the error code with a new optional parameter). - Added AF_PACKET support completion for
socket_sendto()/socket_recvfrom().
Sodium
- Added support for libsodium 1.0.21 IPcrypt and XOF APIs.
- pwhash argument-validation errors now throw ValueError instead of SodiumException.
SPL
- DirectoryIterator key can now work better with filesystem supporting larger directory indexing.
- Fixed bug GH-21831 (
SplObjectStorage::removeAllExcept()use-after-free with re-entrant getHash()). - Fix bugs GH-8561, GH-8562, GH-8563, and GH-8564 (Fixing various SplFileObject iterator desync bugs).
- Fix bug GH-22062 (SplDoublyLinkedList iterator UAF via destructor releasing next node).
Sysvshm
- Fixed
shm_attach()to throw ValueError for keys outside the key_t range.
Sqlite3
- Fix NUL byte truncation in sqlite3 TEXT column handling.
Standard
- Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
- Added form feed (\f) in the default trimmed characters of
trim(),rtrim()and ltrim(). - Invalid mode values now throw in
array_filter()instead of being silently defaulted to 0. - Fixed bug GH-21058 (
error_log()crashes with message_type 3 and null destination). - Fixed bug GH-13204 (
glob()fails if square bracket is in current directory). - Add array size maximum to
array_diff(). - Add enum SortDirection.
pathinfo()raises a ValueError with an invalid$flagsargument.- Passing an invalid flag value to the second argument of
scandir()will now throw a ValueError. array_change_key_case()now raises a ValueError when an invalid$caseargument value is passed.linkinfo()now raises a ValueError when the argument is an empty string.getenv()andputenv()now raises a ValueError when the first argument contains NUL bytes.- dl() now raises a ValueError when the
$extension_filenameargument contains NUL bytes. openlog()now raises a ValueError when the$prefixargument contains NUL bytes.parse_str()now raises a ValueError when the$stringargument contains NUL bytes.proc_open()now raises a ValueError when the$cwdargument contains NUL bytes.ini_get_all()now includes the built-in default value in the details.- Fixed bug GH-22171 (Invalid auth header generation in http(s) stream wrapper).
- Fixed bug GH-17384 (
number_format()may exhaust memory with decimals outside the range from -2147483648 to 2147483647).
Streams
- Added new stream errors API including new StreamException, StreamError classes, StreamErrorStore, StreamErrorMode, StreamErrorCode enums,
stream_last_errors()andstream_clear_errors()functions, error_mode, error_store and error_handler stream context options and extending some stream functions with context param. - Added so_keepalive, tcp_keepidle, tcp_keepintvl and tcp_keepcnt stream socket context options.
- Added so_reuseaddr streams context socket option that allows disabling address reuse.
- Fixed bug GH-20370 (User stream filters could violate typed property constraints).
- Allowed filtered streams to be casted as fd for select.
- Fixed bug GH-21221 (Prevent closing of innerstream of php://temp stream).
- Improved
stream_socket_server()bind failure error reporting. - Fixed bug #49874 (
ftell()andfseek()inconsistency when using stream filters).
URI
- Added
Uri\Rfc3986\Uri::getUriType()andUri\WhatWg\Url::isSpecialScheme(). - Added
Uri\Rfc3986\Uri::getHostType()andUri\WhatWg\Url::getHostType(). - Added Uri\Rfc3986\UriBuilder.
Zip
- Fixed bug GH-21682 (ZipArchive instances should not be serializable). serialize()/
unserialize()now throw unless a subclass overrides__serialize()/__unserialize(). - Fixed ZipArchive callback being called after executor has shut down.
- Support minimum version for libzip dependency updated to 1.0.0.
- Added
ZipArchive::openString()method.
Zlib
deflate_init()now raises a TypeError when the value for option "level", "memory", "window", or "strategy" is not of type int.inflate_init()now raises a TypeError when the value for option "window" is not of type int.