7.2.02017-11-30stableThe PHP development team announces the immediate availability of PHP 7.2.0. This release marks the second feature update to the PHP 7 series.
PHP 7.2.0 comes with numerous improvements and new features such as
- [Convert numeric keys in object/array casts](https://wiki.php.net/rfc/convert_numeric_keys_in_object_array_casts)
- [Counting of non-countable objects](https://wiki.php.net/rfc/counting_non_countables)
- [Object typehint](https://wiki.php.net/rfc/object-typehint)
- [HashContext as Object](https://wiki.php.net/rfc/hash-context.as-resource)
- [Argon2 in password hash](https://wiki.php.net/rfc/argon2_password_hash)
- [Improve TLS constants to sane values](https://wiki.php.net/rfc/improved-tls-constants)
- [Mcrypt extension removed](https://wiki.php.net/rfc/mcrypt-viking-funeral)
- [New sodium extension](https://wiki.php.net/rfc/libsodium)
The [migration guide](http://php.net/manual/en/migration72.php) is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes.
Many thanks to all the contributors and supporters!(bcmod truncates fractionals).46564Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions."Countable" interface is moved from SPL to Core.Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array.Removed the sql.safe_mode directive.Removed support for Netware.Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC).(WSA cleanup executes before MSHUTDOWN).54535Implemented FR [#69791](http://bugs.php.net/69791) (Disallow mail header injections by extra headers) (Yasuo)Implemented FR [#49806](http://bugs.php.net/49806) (proc_nice() for Windows).Fix pthreads detection when cross-compiling (ffontaine)Fixed memory leaks caused by exceptions thrown from destructors. (Bob, Dmitry).(uniqid() should use better random source).73215Implemented FR [#72768](http://bugs.php.net/72768) (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe).Implemented "Convert numeric keys in object/array casts" RFC, fixes bugs [#53838](http://bugs.php.net/53838), [#61655](http://bugs.php.net/61655), [#66173](http://bugs.php.net/66173), [#70925](http://bugs.php.net/70925), [#72254](http://bugs.php.net/72254), etc.Implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC.Raised minimum supported Windows versions to Windows 7/Server 2008 R2.Implemented minor optimization in array_keys/array_values().Added PHP_OS_FAMILY constant to determine on which OS we are.(Method compatibility check looks to original definition and not parent).73987(JSON_OBJECT_AS_ARRAY not respected).73991(Corrupted class entries on shutdown when a destructor spawns another object).74053(Filename got limited to MAX_PATH on Win32 when scan directory).73971, bug [#72451](http://bugs.php.net/72451), bug [#73706](http://bugs.php.net/73706), bug [#71115](http://bugs.php.net/71115) and others related to interned strings handling in TS builds.72359Implemented "Trailing Commas In List Syntax" RFC for group use lists only.(It's possible to override trait property with different loosely-equal value).74269(Restraining __construct() access level in subclass gives a fatal error).61970(Cannot override an abstract method with an abstract method).63384(Traits enforce different inheritance rules).74607Fixed misparsing of abstract unix domain socket names.Change PHP_OS_FAMILY value from "OSX" to "Darwin".Allow loading PHP/Zend extensions by name in ini files (extension=<name>).Added object type annotation.(crash with a combination of INI entries at startup).74815(isset on zero-prefixed numeric indexes in array broken).74836Added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with ZEND_QUICK_SET flag.(unserialize() doesn't handle changes in property visibility).49649(extension_dir = "./ext" now use current directory for base).74866Implemented FR [#74963](http://bugs.php.net/74963) (Improved error message on fetching property of non-object).(buildcheck.sh check for autoconf version needs to be updated for v2.64).75142(Data race in ZTS builds).74878("stream_copy_to_stream" doesn't stream anymore).75515(Process is started as interactive shell in PhpStorm).74849(Interactive shell opening instead of script execution with -f flag).74979(Random "Invalid request (unexpected EOF)" using a router script).60471(OpenSSL support not detected).75093Better fix for [#74125](http://bugs.php.net/74125) (use pkg-config instead of curl-config).(Impossible to prototype DateTime::createFromFormat).55407Implemented FR [#71520](http://bugs.php.net/71520) (Adding the DateTime constants to the DateTimeInterface interface).(Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)75055CVE-2017-16642(redefinition of typedefs ttinfo and t1info).75149(DateInterval microseconds property always 0).75222(flatfile: dba_fetch() fails to read replaced entry).72885Implemented FR [#74837](http://bugs.php.net/74837) (Implement Countable for DomNodeList and DOMNamedNodeMap).(exif_read_data() fails to read all data for some images).72682(Type confusion in exif_read_data() leading to heap overflow in debug mode).71534(Exif Header component value check error).68547(Corrupt EXIF header: maximum directory nesting level reached for some cameras).66443Fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function).Implemented FR [#65187](http://bugs.php.net/65187) (exif_read_data/thumbnail: add support for stream resource).Deprecated the read_exif_data() alias.(exif_read_data(): "Illegal IFD size" warning occurs with correct exif format).74428(EXIF thumbnails not read anymore).72819(php crashes with segfault when exif_read_data called).62523(exif_read_data(): Illegal IFD offset (works fine with other exif readers).50660Upgrade bundled libmagic to 5.31.Configuration to limit fpm slow log trace callers.(php_value acts like php_admin_value).75212Implement MLSD for structured listing of directories.Added ftp_append() function.Implemented imageresolution as getter and setter (Christoph)(gd.h: stdarg.h include missing for va_list use in gdErrorMethod).74744(Memory disclosure or DoS via crafted .bmp image).75111(gmp_fact() silently ignores non-integer input).70896Changed HashContext from resource to object.Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.(sha3 is not supported on bigendian machine).75284(imap_mailboxmsginfo() return wrong size).72324(test using Spoofchecker which may be unavailable).63790([REGRESSION] IntlDateFormatter::parse() does not change $position argument).75378Add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for json_encode and json_decode to ignore or replace invalid UTF-8 byte sequences - it addresses request [#65082](http://bugs.php.net/65082).(Buffer overflow in json_decode() with JSON_INVALID_UTF8_IGNORE or JSON_INVALID).75185(JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key).68567Implemented FR [#69445](http://bugs.php.net/69445) (Support for LDAP EXOP operations)Fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_optionFixed passing an empty array to ldap_set_option for client or server controls.Implemented FR [#66024](http://bugs.php.net/66024) (mb_chr() and mb_ord()).Implemented FR [#65081](http://bugs.php.net/65081) (mb_scrub()).Implemented FR [#69086](http://bugs.php.net/69086) (enhancement for mb_convert_encoding() that handles multibyte replacement char nicely).Added array input support to mb_convert_encoding().Added array input support to mb_check_encoding().(enhancement for mb_substitute_character).69079Update to oniguruma version 6.3.0.(mb_strtolower fails on titlecase characters).69267The deprecated mcrypt extension has been moved to PECL.Added global optimisation passes based on data flow analysis using Single Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP), Dead Code Elimination (DCE), and removal of unused local variables (Nikita, Dmitry)Fixed incorect constant conditional jump elimination.(Invalid opcode 49/1/8 using opcache).75230Fixed bug (assertion fails with extended info generated).Fixed bug (Phi sources removel).(Webserver hangs on valid PHP text).75370(segfault loading WordPress wp-admin).75357Use TLS_ANY for default ssl:// and tls:// negotiation.Fix leak in openssl_spki_new().Added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify().Add ssl security_level stream option to support OpenSSL security levels. (Jakub Zelenka).Allow setting SNI cert and private key in separate files.(openssl_pkcs7_encrypt() uses different EOL than before).74903Automatically load OpenSSL configuration file.Added support for PCRE JIT fast path API.(Inconsistent PCRE captures in match results).61780(Minor BC break: PCRE_JIT changes output of preg_match()).74873(preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string).75089(PCRE JIT broken in 7.2).75223(Broken build when system libpcre don't have jit support).75285(phar does not correctly handle names containing dots).74196(Emulated statements let value dictate parameter type).73234Add "Sent SQL" to debug dump for emulated prepares.Add parameter types for national character set strings.(bigint columns are returned as strings).73396Expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO instance.Add test coverage for bug [#72969](http://bugs.php.net/72969).(Align --with-pdo-oci configure option with --with-oci8 syntax).74537Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)Added extended_value to opcode dump output.(Prohibit session save handler recursion).73461PR #2233 Removed register_globals related code and "!" can be used as $_SESSION key name.Improved bug [#73100](http://bugs.php.net/73100) fix. 'user' save handler can only be set by session_set_save_handler()(5 session functions incorrectly warn when calling in read-only/getter mode).74514(session_cache_expire/cache_limiter/save_path() trigger a warning in read mode).74936(session fails to start after having headers sent).74941New cryptographic extensionAdded missing bindings for libsodium > 1.0.13.(Incorrect arginfo for ArrayIterator::__construct).71412Added spl_object_id().Implement writing to blobs.Update to Sqlite 3.20.1.(closing of fd incorrect when PTS enabled).69442(unserialize accepts two plus/minus signs for float number exponent part).74300Compatibility with libargon2 versions 20161029 and 20160821.(mysqli_get_client_info reflection info).74737Add support for extension name as argument to dl().(uniqid() without more_entropy performs badly).74851(heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)74103CVE-2017-12932(A Denial of Service Vulnerability was found when performing deserialization).75054(mt_rand() bias on 64-bit machines).75170(Argon2i always throws NUL at the end).75221Default ssl/single_dh_use and ssl/honor_cipher_order to true.Moved utf8_encode() and utf8_decode() to the Standard extension.Use Zend MM for allocation in bundled libxmlrpc (Joe)Add support for encrypted archives.Use of bundled libzip is deprecated, --with-libzip option is recommended.(Reflection of ZipArchive does not show public properties).73803ZipArchive implements countable, added ZipArchive::count() method.Fix segfault in php_stream_context_get_option call.(new method setEncryptionName() seems not to exist in ZipArchive).75143Expose inflate_get_status() and inflate_get_read_len() functions.