PHP 8.6.0alpha1: Downloads, Changelog, News

Release Information

Release
8.6.0alpha1
PHP Version
PHP 8.6
Release Date
Release Type
Bug Fix Release
Release Status
QA Release Latest
Branch Status
Upcoming Release

PHP 8.6 is a development version, and is not recommended for production use. This is the latest QA release in the series.

Downloads

Source Code

Git Clone
Use Git to clone the 8.6.0alpha1 tag from the PHP Git repository.
git clone https://github.com/php/php-src.git --depth 1 --branch php-8.6.0alpha1
How to compile PHP
PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Docker/Podman Containers

PHP CLI
PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.6.0alpha1-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.
docker pull php:8.6.0alpha1-cli
PHP CLI + Web Server Integration
These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.
docker pull php:8.6.0alpha1-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.
docker pull php:8.6.0alpha1-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.
docker pull php:8.6.0alpha1-fpm

ChangeLog

Core

  • Added first-class callable cache to share instances for the duration of the request.
  • It is now possible to use reference assign on WeakMap without the key needing to be present beforehand.
  • Added clamp().
  • Fix OSS-Fuzz #429429090 (Failed assertion on unset() with uninitialized container).
  • Fixed GH-20564 (Don't call autoloaders with pending exception).
  • Fix deprecation now showing when accessing null key of an array with JIT.
  • Fixed bug GH-20174 (Assertion failure in ReflectionProperty::skipLazyInitialization after failed LazyProxy initialization).
  • Enabled the TAILCALL VM on Windows when compiling with Clang >= 19 x86_64.
  • Deprecate specifying a nullable return type for __debugInfo().
  • Fixed bug GH-22142 (Assertion failure in zendi_try_get_long() on IS_UNDEF).
  • Fixed bug GH-22046 (The unserialize function can lead to segfault when non-Serializable internal classes are serialized back with the C format).
  • Fixed bug GH-22292 (AST pretty printing does not correctly handle invalid variable names).
  • Fixed bug GH-22291 (AST pretty printing does not correctly handle braces in string interpolation).
  • Fixed bug GH-22373 (AST pretty-printing drops meaningful parentheses surrounding property access).
  • Fixed GH-22422 (zend_arena layout mismatch leaked memory in separately built extensions under AddressSanitizer).
  • TSRM: use local-exec TLS in PIE executables.
  • perf: make all static extensions use TSRMG_STATIC.
  • Fixed bug GH-22257 (type confusion in Exception::getTraceAsString()).
  • TSRM: make CG, EG, SCNG and AG compile-time offsets.
  • Deprecate returning values from __construct() and __destruct().

BCMath

  • Added NUL-byte validation to BCMath functions.

BZ2

  • Reject oversized input in bzdecompress().

Curl

  • Add support for CURLINFO_SIZE_DELIVERED (libcurl >= 8.20.0).

Date

  • Update timelib to 2022.16.

DOM

  • Removed LIBXML_XINCLUDE from valid options for XMLDocument, as it was a no-op.
  • Readonly DOM properties are now declared with asymmetric visibility (public private(set)). ReflectionProperty::isWritable() reports them correctly, and external writes raise "Cannot modify private(set) property" instead of the previous readonly modification error.
  • Fixed Dom\Notation nodes missing tree connection, so that ownerDocument, parentNode, isConnected and baseURI now return correct values, and textContent returns NULL per the DOM specification.

EXIF

  • Added support for reading EXIF metadata from WebP images (GH-19904).

Fileinfo

  • Fixed bug GH-20679 (finfo_file() doesn't work on remote resources).
  • Fixed bug #66095 (Hide libmagic dynamic symbols).

GD

  • imagesetstyle()/imagefilter()/imagecrop() check array argument entries types.

GMP

  • gmp_fact() reject values larger than unsigned long.
  • gmp_pow/binomial/root/rootrem and shift/pow operators reject values larger than unsigned long.
  • GMP exponentiation and shift operators now emit a deprecation warning when converting a float right operand to int loses precision.

Hash

  • Upgrade xxHash to 0.8.2.

Intl

  • Fixed malformed ResourceBundle::get() error message when fallback is disabled.
  • Added Locale::getDisplayKeyword() and Locale::getDisplayKeywordValue(), with the alias of locale_get_display_keyword() and locale_get_display_keyword_value() respectively.
  • Fix incorrect argument positions for invalid start/end arguments in transliterator_transliterate().
  • Fixed IntlTimeZone::getDisplayName() to synchronize object error state for invalid display types.
  • Fixed Locale::lookup() and locale_lookup() to return NULL instead of the fallback locale when a language tag cannot be canonicalized.
  • Added IntlNumberRangeFormatter class to format an interval of two numbers with a given skeleton, locale, collapse type and identity fallback.
  • Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).
  • Added grapheme_strrev
  • Passing a non-stringable object as a time zone to Intl time zone argument handling now raises TypeError instead of Error.
  • IntlBreakIterator::getLocale() now raises ValueError for invalid locale types.
  • Fixed MessageFormatter::parse() and parseMessage() returning PHP_INT_MIN as float rather than int on 64-bit platforms.
  • Fixed UConverter::transcode() silently truncating from_subst and to_subst option lengths greater than 127 bytes.
  • Fixed IntlIterator::current() to return NULL instead of an undefined value when the iterator is not positioned on a valid element.

IO

  • Added new polling API.

JSON

  • Enriched JSON last error / exception message with error location.

Fibers

  • Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).

Mail

  • Fixed bug GH-20862 (null pointer dereference in php_mail_detect_multiple_crlf via error_log

Mbstring

  • ini_set() with mbstring.detect_order changes the order of mb_detect_order as intended, since mbstring.detect_order is an INI_ALL setting.
  • Added GB18030-2022 to default encoding list for zh-CN.
  • Fixed bug GH-20836 (Stack overflow in mb_convert_variables with recursive array references).
  • Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries).
  • mbregex has been deprecated.

Mysqli

  • Added mysqli_quote_string() and mysqli::quote_string().

Opcache

  • Fixed bug GH-20051 (apache2 shutdowns when restart is requested during preloading).

OpenSSL

  • Added AES-SIV support.
  • Implemented GH-20310 (No critical extension indication in openssl_x509_parse() output).
  • Added TLS session resumption support for streams with new context options and Openssl\Session class.
  • Added TLS external PSK support for streams with new context options and Openssl\Psk class.
  • Added stream crypto status for exposing OpenSSL WANT_READ / WANT_WRITE.

PCNTL

  • pcntl_exec() now throws a ValueError if the $args array is not a list array.

PDO_DBLIB

  • Added dblib_handle_check_liveness handler.

PDO_PGSQL

  • Clear session-local state disconnect-equivalent processing.

PGSQL

  • Enabled 64 bits support for pg_lo_truncate()/pg_lo_tell() if the server supports it.
  • pg_fetch_object() now surfaces non-instantiable class errors before fetching, resolves the constructor via the get_constructor handler, and reports the empty-constructor ValueError on the $constructor_args argument.

Phar

  • Support reference values in Phar::mungServer().
  • Invalid values now throw in Phar::mungServer() instead of being silently ignored.
  • Fixed a bypass of the magic ".phar" directory protection in Phar::addEmptyDir() for paths starting with "/.phar".
  • Fixed an integer underflow when parsing ZIP extra fields.
  • Phar::addEmptyDir() now allows non-magic directory names that merely share the ".phar" prefix.
  • Support overridden methods in SplFileInfo for getMTime() and getPathname() when building a phar.
  • Mark Phar::buildFromIterator() base directory argument as a path.

Posix

  • Added validity check to the flags argument for posix_access().

Reflection

  • Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true for classes with property hooks).
  • Added ReflectionConstant::inNamespace().
  • Added ReflectionProperty::isReadable() and ::isWritable().
  • Fixed bug GH-21362 (ReflectionMethod::invoke/invokeArgs() did not verify Closure instance identity for Closure::__invoke()).
  • Added ReflectionParameter::getDocComment().

Session

  • Fixed bug 71162 (updateTimestamp never called when session data is empty).
  • Null bytes in session.cookie_path, session.cookie_domain, and session.cache_limiter are now rejected with a warning.
  • session.cookie_samesite now rejects invalid values with a warning; only "Strict", "Lax", "None", or "" are accepted.
  • session.cookie_lifetime now rejects non-integer and out-of-range values with a warning.
  • Session file GC now recursively cleans nested subdirectories when session.save_path uses the dirdepth prefix.
  • Changed defaults of session.use_strict_mode (now 1), session.cookie_httponly (now 1) and session.cookie_samesite (now "Lax").

Shmop

  • Fixed bug GH-9945 (shmop_open() silently truncates keys outside the key_t range).

Soap

  • Soap::__setCookie() when cookie name is a digit is now not stored and represented as a string anymore but a int.
  • Fixed bug GH-21421 (SoapClient typemap property breaks engine assumptions).
  • WSDL/XML Schema parsing now rejects out-of-range integer values for occurrence constraints and integer restriction facets. Negative minOccurs and maxOccurs values are rejected as well.

Sockets

  • Added the TCP_USER_TIMEOUT constant for Linux to set the maximum time in milliseconds transmitted data can remain unacknowledged.
  • Added AF_UNSPEC support for sock_addrinfo_lookup() as a sole umbrella for AF_INET* family only.
  • Fixed GH-20532 (socket_addrinfo_lookup gives the error code with a new optional parameter).
  • Added AF_PACKET support completion for socket_sendto()/socket_recvfrom().

Sodium

  • Added support for libsodium 1.0.21 IPcrypt and XOF APIs.
  • pwhash argument-validation errors now throw ValueError instead of SodiumException.

SPL

  • DirectoryIterator key can now work better with filesystem supporting larger directory indexing.
  • Fixed bug GH-21831 (SplObjectStorage::removeAllExcept() use-after-free with re-entrant getHash()).
  • Fix bugs GH-8561, GH-8562, GH-8563, and GH-8564 (Fixing various SplFileObject iterator desync bugs).
  • Fix bug GH-22062 (SplDoublyLinkedList iterator UAF via destructor releasing next node).

Sysvshm

  • Fixed shm_attach() to throw ValueError for keys outside the key_t range.

Sqlite3

  • Fix NUL byte truncation in sqlite3 TEXT column handling.

Standard

  • Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
  • Added form feed (\f) in the default trimmed characters of trim(), rtrim() and ltrim().
  • Invalid mode values now throw in array_filter() instead of being silently defaulted to 0.
  • Fixed bug GH-21058 (error_log() crashes with message_type 3 and null destination).
  • Fixed bug GH-13204 (glob() fails if square bracket is in current directory).
  • Add array size maximum to array_diff().
  • Add enum SortDirection.
  • pathinfo() raises a ValueError with an invalid $flags argument.
  • Passing an invalid flag value to the second argument of scandir() will now throw a ValueError.
  • array_change_key_case() now raises a ValueError when an invalid $case argument value is passed.
  • linkinfo() now raises a ValueError when the argument is an empty string.
  • getenv() and putenv() now raises a ValueError when the first argument contains NUL bytes.
  • dl() now raises a ValueError when the $extension_filename argument contains NUL bytes.
  • openlog() now raises a ValueError when the $prefix argument contains NUL bytes.
  • parse_str() now raises a ValueError when the $string argument contains NUL bytes.
  • proc_open() now raises a ValueError when the $cwd argument contains NUL bytes.
  • ini_get_all() now includes the built-in default value in the details.
  • Fixed bug GH-22171 (Invalid auth header generation in http(s) stream wrapper).
  • Fixed bug GH-17384 (number_format() may exhaust memory with decimals outside the range from -2147483648 to 2147483647).

Streams

  • Added new stream errors API including new StreamException, StreamError classes, StreamErrorStore, StreamErrorMode, StreamErrorCode enums, stream_last_errors() and stream_clear_errors() functions, error_mode, error_store and error_handler stream context options and extending some stream functions with context param.
  • Added so_keepalive, tcp_keepidle, tcp_keepintvl and tcp_keepcnt stream socket context options.
  • Added so_reuseaddr streams context socket option that allows disabling address reuse.
  • Fixed bug GH-20370 (User stream filters could violate typed property constraints).
  • Allowed filtered streams to be casted as fd for select.
  • Fixed bug GH-21221 (Prevent closing of innerstream of php://temp stream).
  • Improved stream_socket_server() bind failure error reporting.
  • Fixed bug #49874 (ftell() and fseek() inconsistency when using stream filters).

URI

  • Added Uri\Rfc3986\Uri::getUriType() and Uri\WhatWg\Url::isSpecialScheme().
  • Added Uri\Rfc3986\Uri::getHostType() and Uri\WhatWg\Url::getHostType().
  • Added Uri\Rfc3986\UriBuilder.

Zip

  • Fixed bug GH-21682 (ZipArchive instances should not be serializable). serialize()/unserialize() now throw unless a subclass overrides __serialize()/__unserialize().
  • Fixed ZipArchive callback being called after executor has shut down.
  • Support minimum version for libzip dependency updated to 1.0.0.
  • Added ZipArchive::openString() method.

Zlib

  • deflate_init() now raises a TypeError when the value for option "level", "memory", "window", or "strategy" is not of type int.
  • inflate_init() now raises a TypeError when the value for option "window" is not of type int.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.