Software 42835 Published by

PHP 7.1.0 Beta 1 has been released



The PHP development team announces the immediate availability of PHP 7.1.0 Beta 1. This release is the first beta for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

PHP 7.1.0 Beta 1 builds on previous releases with:
Asynchronous Signal Handling (without ticks) in ext/pcntl.
Additional Context in pcntl_signal Handler
For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

For source downloads of PHP 7.1.0 Beta 1 please visit the download page, Windows sources and binaries can be found on windows.php.net/qa/.

The second beta will be released on the 8th of August. You can also read the full list of planned releases on our wiki.

Thank you for helping us make PHP better.

Change log:
21 Jul 2016, PHP 7.1.0beta1

- Core:
. Fixed bug #72629 (Caught exception assignment to variables ignores
references). (Laruence)
. Fixed bug #72594 (Calling an earlier instance of an included anonymous
class fatals). (Laruence)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Fixed bug #72543 (Different references behavior comparing to PHP 5)
(Laruence, Dmitry, Nikita)
. Fixed bug #72347 (VERIFY_RETURN type casts visible in finally). (Dmitry)
. Fixed bug #72216 (Return by reference with finally is not memory safe).
(Dmitry)
. Fixed bug #72215 (Wrong return value if var modified in finally). (Dmitry)
. Fixed bug #71818 (Memory leak when array altered in destructor). (Dmitry)
. Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
(Dmitry, Nikita)
. Added new constant PHP_FD_SETSIZE. (cmb)
. Added optind parameter to getopt(). (as)
. Added PHP to SAPI error severity mapping for logs. (Martin Vobruba)
. Fixed bug #71911 (Unable to set --enable-debug on building extensions by
phpize on Windows). (Yuji Uchiyama)
. Fixed bug #29368 (The destructor is called when an exception is thrown from
the constructor). (Dmitry)
. Implemented RFC: RNG Fixes. (Leigh)
. Implemented email validation as per RFC 6531. (Leo Feyer, Anatol)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (Stas)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries
and applications). (Stas)

- bz2:
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)

- COM:
. Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)

- Curl:
. Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas)

- Date:
. Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails
parsing). (derick)

- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)

- Exif:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)

- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)

- FPM:
. Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
(gooh)

- GD:
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(Pierre)
. Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
overflow). (Pierre)
. Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)

- Intl:
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
names). (cmb)
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

- Mbstring:
. Deprecated mb_ereg_replace() eval option. (Rouven Weßling, cmb)
. Fixed bug #69151 (mb_ereg should reject ill-formed byte sequence).
(Masaki Kagaya)

- MCrypt:
. Deprecated ext/mcrypt. (Scott Arciszewski, cmb)
. Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to
heap overflow in mdecrypt_generic). (Stas)

- Opcache:
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
(Keyur)

- OpenSSL:
. Fixed bug #72360 (ext/openssl build failure with OpenSSL 1.1.0).
(Jakub Zelenka)
. Bumped a minimal version to 1.0.1. (Jakub Zelenka)
. Dropped support for SSL2. (Remi)

- PDO_pgsql:
. Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
. Fixed bug #72570 (Segmentation fault when binding parameters on a query
without placeholders). (Matteo)

- Pcntl
. Implemented asynchronous signal handling without TICKS. (Dmitry)
. Added pcntl_signal_get_handler() that returns the current signal handler
for a particular signal. Addresses FR #72409. (David Walker)
. Add signinfo to pcntl_signal() handler args (Bishop Bettini, David Walker)

- Reflection:
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)

- SimpleXML:
. Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML
element). (Laruence)

- Standard:
. Fixed bug #72622 (array_walk + array_replace_recursive create references
from nothing). (Laruence)

- Tidy:
. Implemented support for libtidy 5.0.0 and above. (Michael Orlitzky, Anatol)

- Wddx:
. Fixed bug #72564 (boolean always deserialized as "true") (Remi)

- XMLRPC:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
simplestring.c). (Stas)

- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (Stas)

07 Jul 2016, PHP 7.1.0alpha3

- Core:
. Implemented RFC: Iterable. (Aaron Piotrowski)
. Fixed bug #72523 (dtrace issue with reflection (failed test)). (Laruence)
. Fixed bug #72508 (strange references after recursive function call and
"switch" statement). (Laruence)
. Implemented RFC: Closure::fromCallable (Danack)

- COM:
. Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)

- CURL:
. Add curl_multi_errno(), curl_share_errno() and curl_share_strerror()
functions. (Pierrick)
. Add support for HTTP/2 Server Push (davey)

- Date:
. Invalid serialization data for a DateTime or DatePeriod object will now
throw an instance of Error from __wakeup() or __set_state() instead of
resulting in a fatal error. (Aaron Piotrowski)
. Timezone initialization failure from serialized data will now throw an
instance of Error from __wakeup() or __set_state() instead of resulting in
a fatal error. (Aaron Piotrowski)
. Export date_get_interface_ce() for extension use. (Jeremy Mikola)

- DBA:
. Data modification functions (e.g.: dba_insert()) now throw an instance of
Error instead of triggering a catchable fatal error if the key is does not
contain exactly two elements. (Aaron Piotrowski)

- DOM:
. Invalid schema or RelaxNG validation contexts will throw an instance of
Error instead of resulting in a fatal error. (Aaron Piotrowski)
. Attempting to register a node class that does not extend the appropriate
base class will now throw an instance of Error instead of resulting in a
fatal error. (Aaron Piotrowski)
. Attempting to read an invalid or write to a readonly property will throw
an instance of Error instead of resulting in a fatal error. (Aaron
Piotrowski)

- GD:
. Fixed bug #72404 (imagecreatefromjpeg fails on selfie). (cmb)

- IMAP:
. An email address longer than 16385 bytes will throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)

- Intl:
. Failure to call the parent constructor in a class extending Collator
before invoking the parent methods will throw an instance of Error
instead of resulting in a recoverable fatal error. (Aaron Piotrowski)
. Cloning a Transliterator object may will now throw an instance of Error
instead of resulting in a fatal error if cloning the internal
transliterator fails. (Aaron Piotrowski)

- LDAP:
. Providing an unknown modification type to ldap_batch_modify() will now
throw an instance of Error instead of resulting in a fatal error.
(Aaron Piotrowski)

- Mbstring:
. mb_ereg() and mb_eregi() will now throw an instance of ParseError if an
invalid PHP expression is provided and the 'e' option is used. (Aaron
Piotrowski)

- Mcrypt:
. mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error
instead of resulting in a fatal error if mcrypt cannot be initialized.
(Aaron Piotrowski)

- Mysqli:
. Attempting to read an invalid or write to a readonly property will throw
an instance of Error instead of resulting in a fatal error. (Aaron
Piotrowski)

- OpenSSL:
. Implemented FR #61204 (Add elliptic curve support for OpenSSL).
(Dominic Luechinger)

- PCRE:
. Fixed bug #72476 (Memleak in jit_stack). (Laruence)
. Fixed bug #72463 (mail fails with invalid argument). (Anatol)

- Readline:
. Fixed bug #72538 (readline_redisplay crashes php). (Laruence)

- Reflection:
. Failure to retrieve a reflection object or retrieve an object property
will now throw an instance of Error instead of resulting in a fatal error.
(Aaron Piotrowski)

- SQLite3:
. Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
(cmb)

- Session:
. Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
. Custom session handlers that do not return strings for session IDs will
now throw an instance of Error instead of resulting in a fatal error
when a function is called that must generate a session ID.
(Aaron Piotrowski)
. An invalid setting for session.hash_function will throw an instance of
Error instead of resulting in a fatal error when a session ID is created.
(Aaron Piotrowski)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (Stas)

- SimpleXML:
. Creating an unnamed or duplicate attribute will throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)

- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (Stas)

- SPL:
. Attempting to clone an SplDirectory object will throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)
. Calling ArrayIterator::append() when iterating over an object will throw an
instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)

- Standard:
. Implemented RFC: More precise float values. (Jakub Zelenka, Yasuo)
. array_multisort now uses zend_sort instead zend_qsort. (Laruence)
. Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
. assert() will throw a ParseError when evaluating a string given as the first
argument if the PHP code is invalid instead of resulting in a catchable
fatal error. (Aaron Piotrowski)
. Calling forward_static_call() outside of a class scope will now throw an
instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)

- Streams:
. Fixed bug #72534 (stream_socket_get_name crashes). (Anatol)

- Tidy:
. Creating a tidyNode manually will now throw an instance of Error instead of
resulting in a fatal error. (Aaron Piotrowski)

- WDDX:
. A circular reference when serializing will now throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)

- XML-RPC:
. A circular reference when serializing will now throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)

- Zip:
. ZipArchive::addGlob() will throw an instance of Error instead of resulting
in a fatal error if glob support is not available. (Aaron Piotrowski)

23 Jun 2016, PHP 7.1.0alpha2

- Core:
. Implemented RFC: Replace "Missing argument" warning with "Too few
arguments" exception. (Dmitry)
. Implemented RFC: Fix inconsistent behavior of $this variable. (Dmitry)
. Fixed bug #72441 (Segmentation fault: RFC list_keys). (Laruence)
. Fixed bug #72395 (list() regression). (Laruence)
. Fixed bug #72373 (TypeError after Generator function w/declared return type
finishes). (Nikita)
. Fixed bug #69489 (tempnam() should raise notice if falling back to temp dir).
(Laruence, Anatol)
. Fixed UTF-8 and long path support on Windows. (Anatol)

- Date:
. Fixed bug #63740 (strtotime seems to use both sunday and monday as start of
week). (Derick)

- GD:
. Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
. Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
. Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)

- JSON
. Implemented FR #46600 ("_empty_" key in objects). (Jakub Zelenka)

- Mbstring:
. Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) -
oob read access). (Laruence)
. Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)

- OpenSSL:
. Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to
openssl_encrypt and openssl_decrypt). (Jakub Zelenka)
. Implemented error storing to the global queue and cleaning up the OpenSSL
error queue (resolves bugs #68276 and #69882). (Jakub Zelenka)

- PCRE:
. Upgraded to PCRE 8.39. (Anatol)

- Sqlite3:
. Implemented FR #72385 (Update SQLite bundle lib(3.13.0)). (Laruence)

- Standard:
. Added is_iterable() function. (Aaron Piotrowski)
. Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
(Laruence)

- Streams:
. Fixed bug #72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence)

09 Jun 2016, PHP 7.1.0alpha1

- Core:
. Added nullable types. (Levi, Dmitry)
. Added DFA optimization framework based on e-SSA form. (Dmitry, Nikita)
. Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW).
(Dmitry)
. Change statement and fcall extension handlers to accept frame. (Joe)
. Implemented safe execution timeout handling, that prevents random crashes
after "Maximum execution time exceeded" error. (Dmitry)
. Fixed bug #53432 (Assignment via string index access on an empty string
converts to array). (Nikita)
. Fixed bug #62210 (Exceptions can leak temporary variables). (Dmitry, Bob)
. Fixed bug #62814 (It is possible to stiffen child class members visibility).
(Nikita)
. Fixed bug #69989 (Generators don't participate in cycle GC). (Nikita)
. Fixed bug #70228 (Memleak if return in finally block). (Dmitry)
. Fixed bug #71266 (Missing separation of properties HT in foreach etc).
(Dmitry)
. Fixed bug #71604 (Aborted Generators continue after nested finally).
(Nikita)
. Fixed bug #71572 (String offset assignment from an empty string inserts
null byte). (Francois)
. Fixed bug #71897 (ASCII 0x7F Delete control character permitted in
identifiers). (Andrea)
. Fixed bug #72188 (Nested try/finally blocks losing return value). (Dmitry)
. Fixed bug #72213 (Finally leaks on nested exceptions). (Dmitry, Nikita)
. Implemented the RFC `Support Class Constant Visibility`. (Sean DuBois,
Reeze Xia, Dmitry)
. Added void return type. (Andrea)
. Added support for negative string offsets in string offset syntax and
various string functions. (Francois)
. Added a form of the list() construct where keys can be specified. (Andrea)
. Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs
when given malformed numeric strings. (Andrea)
. (int), intval() where $base is 10 or unspecified, settype(), decbin(),
decoct(), dechex(), integer operators and other conversions now always
respect scientific notation in numeric strings. (Andrea)
. Implemented the RFC `Catching multiple exception types`. (Bronislaw Bialek,
Pierrick)
. Raise a compile-time warning on octal escape sequence overflow. (Sara)
. Added [] = as alternative construct to list() =. (Bob)
. Implemented logging to syslog with dynamic error levels. (Jani Ollikainen)
. Fixed bug #47517 (php-cgi.exe missing UAC manifest).
(maxdax15801 at users noreply github com)

- Apache2handler:
. Enable per-module logging in Apache 2.4+. (Martin Vobruba)

- CLI Server:
. Fixed bug #71276 (Built-in webserver does not send Date header).
(see at seos fr)

- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)

- Intl:
. Added IntlTimeZone::getWindowsID() and
IntlTimeZone::getIDForWindowsID(). (Sara)
. Fixed bug #69374 (IntlDateFormatter formatObject returns wrong utf8 value).
(lenhatanh86 at gmail com)
. Fixed bug #69398 (IntlDateFormatter formatObject returns wrong value when
time style is NONE). (lenhatanh86 at gmail com)

- Hash:
. Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit). (Sara)
. Added SHA512/256 and SHA512/224 algorithms. (Sara)

- JSON:
. Exported JSON parser API including json_parser_method that can be used
for implementing custom logic when parsing JSON. (Jakub Zelenka)
. Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as
json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore
the previous behaviour. (Eddie Kohler)

- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X86_64). (Mariuz)

- Pgsql:
. Implemented FR #31021 (pg_last_notice() is needed to get all notice
messages). (Yasuo)
. Implemented FR #48532 (Allow pg_fetch_all() to index numerically). (Yasuo)

- Reflection:
. Fix #72209 (ReflectionProperty::getValue() doesn't fail if object doesn't match type). (Joe)

- Session:
. Improved fix for bug #68063 (Empty session IDs do still start sessions).
(Yasuo)
. Fixed bug #71038 (session_start() returns TRUE on failure).
Session save handlers must return 'string' always for successful read.
i.e. Non-existing session read must return empty string. PHP 7.0 is made
not to tolerate buggy return value. (Yasuo)
. Fixed bug #71394 (session_regenerate_id() must close opened session on
errors). (Yasuo)

- SQLite3:
. Implemented FR #71159 (Upgraded bundled SQLite lib to 3.9.2). (Laruence)

- Standard:
. Fixed bug #71100 (long2ip() doesn't accept integers in strict mode).
(Laruence)
. Implemented FR #55716 (Add an option to pass a custom stream context to
get_headers()). (Ferenc)
. Additional validation for parse_url() for login/pass components).
(Ilia) (Julien)
. Implemented FR #69359 (Provide a way to fetch the current environment
variables). (Ferenc)
. unpack() function accepts an additional optional argument $offset. (Dmitry)
. Implemented #51879 stream context socket option tcp_nodelay (Joe)
  PHP 7.1.0 Beta 1 Released