Release Information
- Release Type
- Security Update
- Release Status
- QA Release Latest
- Branch Status
- Upcoming Release
PHP 8.6 is a development version, and is not recommended for production use. This is the latest QA release in the series.
ChangeLog
Core
- Sync Boost.Context assembly with 1.91.0.
- Fixed bug GH-22387 (AST pretty-printing drops meaningful parentheses around RHS of instanceof).
- Fixed bug GH-15672 and GH-15911 (Stack overflow when an internal function recurses through
zend_call_function, such as a self-attached SPL iterator). - Lock unmodified readonly properties for modification after clone-with.
abort()instead ofexit()on hard OOM.- perf: ZTS: move AG and SCNG into native
__threadstorage.
Calendar
- Fixed bug GH-22602 (
gregoriantojd()andjuliantojd()integer overflow with INT_MAX year).
Curl
- Added
CURLOPT_SEEKFUNCTIONand the CURL_SEEKFUNC_OK,CURL_SEEKFUNC_FAILandCURL_SEEKFUNC_CANTSEEKconstants, letting libcurl rewind a streamed request body to resend it on a redirect, multi-pass authentication or a retried reused connection.
Date
- Update timelib to 2022.17.
- Fixed bug GH-19803 (Parsing a string with a single white space does create an error).
- Fixed Unix timestamps in February of the year 0 are misparsed with @-notation.
- Fixed bug GH-11368 (
idate()doesn't work for the year -1). - Fixed bug GH-11310 (
__debugInfodoes nothing on userland classes extending Date classes).
DBA
- Fixed OOB read on malformed length field in dba flatfile handler.
DOM
- Fixed bug GH-22570 (Stack overflow when serializing a deeply nested Dom\XMLDocument).
- Fixed Dom\DtdNamedNodeMap integer dimension access so negative indexes return NULL and indexes outside the int range throw ValueError instead of returning the first entity or notation.
- Fixed bug GH-22623 (use after free with namespace nodes from
XSLTProcessor::registerFunctions())/ - Fixed bug GH-22554 (use-after-free with XPath callback returning a node from a foreign document).
Exif
- Fixed bug GH-11020 (
exif_read_data()emits a spurious "Illegal IFD size" warning when an IFD is not followed by a next-IFD offset).
GMP
- Fixed bug GH-22549 (Assertion failure / UB on a compound GMP power or shift assignment with a negative exponent).
Intl
- Fixed
NumberFormatter::parse()andNumberFormatter::parseCurrency()to reject offset values outside the 32-bit range instead of silently truncating them. - IntlDateFormatter::parse()/
datefmt_parse()and IntlDateFormatter::localtime()/datefmt_localtime()now raise TypeError when the offset argument is not of type int.
JSON
- Report unterminated JSON strings as syntax errors.
- Improve performance error position tracking during JSON decoding.
- Fixed bug GH-22514 (Incorrect error column in PHP 8.6 JSON parser).
Opcache
- Fixed bug GH-21770 (Infinite recursion in property hook getter in opcache preloaded trait).
OpenSSL
- Fixed timeout for supplemental read at end of a blocking stream in SSL stream wrapper.
- Fixed
stream_socket_get_crypto_status()after supplemental read.
PDO_ODBC
- Fixed bug GH-20726 (Crash with ODBC connection pooling when the DSN carries no credentials).
PHPDBG
- Fixed fleaked lowercased lookup keys in phpdbg_resolve_opline_break.
- Fixed off-by-one in
phpdbg_safe_class_lookup()causing class lookups to always fail during phpdbg's signal-safe interruption path.
Reflection
- Fixed bug GH-22683 (Reflection(Class)
Constant::__toString()should not warn on NAN conversions). - Fixed bug GH-22681 (Reflection*::__toString() truncates on null bytes).
Session
- Fixed bug GH-21314 (Different session garbage collector behavior between PHP 8.3 and PHP 8.5).
SOAP
- Fixed bug GH-22585 (OOM on bailout with uninitialized
do_request()parameters). - Fixed xsd:hexBinary decoding to reject odd-length values instead of silently truncating the last nibble.
- Made SOAP encoding errors report the affected type or failing operation instead of the generic "Violation of encoding rules" message.
Standard
- Fixed
sleep()andusleep()to reject values that overflow the underlying unsigned int timeout. - Fixed bug GH-22671 (assert.bail aborts the process when the assert callback throws an exception whose reporting re-throws).
- Fixed bug GH-22678 (Use-after-free in
array_multisort()when the comparator mutates the array being sorted).
Streams
- Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL and a proxy set). (CVE-2026-12184)
URI
- Fixed bug GH-22628 (Percent-encoding of caret in WHATWG URL paths is not performed).
- Fixed bug GH-22629 (WHATWG Validation error incorrect with empty host and non-empty userinfo).
Zip
- Fixed bug GH-22649 (
ZipArchive::setCommentName()and setCommentIndex() could crash after overwriting an entry and resetting its inherited unchanged comment). - Fixed bug GH-21705 (
ZipArchive::getFromIndex()ignoresZipArchive::FL_UNCHANGEDfor deleted entries). - Fixed bug GH-22176 (memory leak with
ZipArchive::registerCancelBack()is used with reference returning function during shutdown). ZipArchive::addGlob()andZipArchive::addPattern()now raise a TypeError for invalid "remove_all_path", "comp_method", "comp_flags", and "enc_method" options instead of emitting a warning.