[PHP-WEBMASTER] [web-php] master: Announce PHP 8.3.29

Eric Mann Thu, 18 Dec 2025 07:59:41 -0800

Author: Eric Mann (ericmann)
Date: 2025-12-18T07:43:21-08:00

Commit: 
https://github.com/php/web-php/commit/8ed610b09c77f65824d75f7eca78fb984aa4bbae
Raw diff: 
https://github.com/php/web-php/commit/8ed610b09c77f65824d75f7eca78fb984aa4bbae.diff


Announce PHP 8.3.29

Changed paths:
  A  archive/entries/2025-12-18-2.xml
  A  releases/8_3_29.php
  M  ChangeLog-8.php
  M  archive/archive.xml
  M  include/release-qa.php
  M  include/releases.inc
  M  include/version.inc


Diff:

diff --git a/ChangeLog-8.php b/ChangeLog-8.php
index 241fc72b45..57131422e5 100644
--- a/ChangeLog-8.php
+++ b/ChangeLog-8.php
@@ -2387,6 +2387,109 @@
 
 <a id="PHP_8_3"></a>
 
+<section class="version" id="8.3.29"><!-- {{{ 8.3.29 -->
+<h3>Version 8.3.29</h3>
+<b><?php release_date('18-Dec-2025'); ?></b>
+<ul><li>Core:
+<ul>
+  <li>Sync all boost.context files with release 1.86.0.</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20435); ?> 
(SensitiveParameter doesn't work for named argument passing to variadic 
parameter).</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20286); ?> 
(use-after-destroy during userland stream_close()).</li>
+</ul></li>
+<li>Bz2:
+<ul>
+  <li>Fix assertion failures resulting in crashes with stream filter object 
parameters.</li>
+</ul></li>
+<li>Date:
+<ul>
+  <li>Fix crashes when trying to instantiate uninstantiable classes via date 
static constructors.</li>
+</ul></li>
+<li>DOM:
+<ul>
+  <li>Fix missing NUL byte check on C14NFile().</li>
+</ul></li>
+<li>Fibers:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20483); ?> (ASAN stack 
overflow with fiber.stack_size INI small value).</li>
+</ul></li>
+<li>FTP:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20601); ?> (ftp_connect 
overflow on timeout).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20511); ?> 
(imagegammacorrect out of range input/output values).</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20602); ?> (imagescale 
overflow with large height values).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20426); ?> 
(Spoofchecker::setRestrictionLevel() error message suggests missing 
constants).</li>
+</ul></li>
+<li>LibXML:
+<ul>
+  <li>Fix some deprecations on newer libxml versions regarding input 
buffer/parser handling.</li>
+</ul></li>
+<li>MbString:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20491); ?> (SLES15 compile 
error with mbstring oniguruma).</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20492); ?> (mbstring compile 
warning due to non-strings).</li>
+</ul></li>
+<li>MySQLnd:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20528); ?> (Regression 
breaks mysql connexion using an IPv6 address enclosed in square brackets).</li>
+</ul></li>
+<li>Opcache:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20329); ?> 
(opcache.file_cache broken with full interned string buffer).</li>
+</ul></li>
+<li>PDO:
+<ul>
+  <li>Fixed <?php githubsecurityl('php/php-src', '8xr5-qppj-gvwj'); ?> (PDO 
quoting result null deref). (CVE-2025-14180)</li>
+</ul></li>
+<li>Phar:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20442); ?> (Phar does not 
respect case-insensitiveness of __halt_compiler() when reading stub).</li>
+  <li>Fix broken return value of fflush() for phar file entries.</li>
+  <li>Fix assertion failure when fseeking a phar file out of bounds.</li>
+</ul></li>
+<li>PHPDBG:
+<ul>
+  <li>Fixed ZPP type violation in phpdbg_get_executable() and 
phpdbg_end_oplog().</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20614); ?> (SplFixedArray 
incorrectly handles references in deserialization).</li>
+</ul></li>
+<li>Standard:
+<ul>
+  <li>Fix memory leak in array_diff() with custom type checks.</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20583); ?> (Stack overflow 
in http_build_query via deep structures).</li>
+  <li>Fixed <?php githubsecurityl('php/php-src', 'www2-q4fc-65wf'); ?> (Null 
byte termination in dns_get_record()).</li>
+  <li>Fixed <?php githubsecurityl('php/php-src', 'h96m-rvf9-jgm2'); ?> (Heap 
buffer overflow in array_merge()). (CVE-2025-14178)</li>
+  <li>Fixed <?php githubsecurityl('php/php-src', '3237-qqm7-mfv7'); ?> 
(Information Leak of Memory in getimagesize). (CVE-2025-14177)</li>
+</ul></li>
+<li>Tidy:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20374); ?> (PHP with tidy 
and custom-tags).</li>
+</ul></li>
+<li>XML:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20439); ?> 
(xml_set_default_handler() does not properly handle special characters in 
attributes when passing data to callback).</li>
+</ul></li>
+<li>Zip:
+<ul>
+  <li>Fix crash in property existence test.</li>
+  <li>Don't truncate return value of zip_fread() with user sizes.</li>
+</ul></li>
+<li>Zlib:
+<ul>
+  <li>Fix assertion failures resulting in crashes with stream filter object 
parameters.</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
+
+
 <section class="version" id="8.3.28"><!-- {{{ 8.3.28 -->
 <h3>Version 8.3.28</h3>
 <b><?php release_date('20-Nov-2025'); ?></b>
diff --git a/archive/archive.xml b/archive/archive.xml
index 6ff52cc24b..6a2d269ca2 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
     <uri>http://php.net/contact</uri>
     <email>[email protected]</email>
   </author>
+  <xi:include href="entries/2025-12-18-2.xml"/>
   <xi:include href="entries/2025-12-18-1.xml"/>
   <xi:include href="entries/2025-12-17-1.xml"/>
   <xi:include href="entries/2025-11-30-1.xml"/>
diff --git a/archive/entries/2025-12-18-2.xml b/archive/entries/2025-12-18-2.xml
new file mode 100644
index 0000000000..c83e126df3
--- /dev/null
+++ b/archive/entries/2025-12-18-2.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom";>
+  <title>PHP 8.3.29 Released!</title>
+  <id>https://www.php.net/archive/2025.php#2025-12-18-2</id>
+  <published>2025-12-18T15:37:23+00:00</published>
+  <updated>2025-12-18T15:37:23+00:00</updated>
+  <link href="https://www.php.net/index.php#2025-12-18-2"; rel="alternate" 
type="text/html"/>
+  <link href="https://www.php.net/archive/2025.php#2025-12-18-2"; rel="via" 
type="text/html"/>
+  <category term="releases" label="New PHP release"/>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml";><p>The PHP development team 
announces the immediate availability of PHP 8.3.29. This is a security 
release.</p>
+
+<p>All PHP 8.3 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.3.29 please visit our <a 
href="https://www.php.net/downloads.php";>downloads page</a>,
+Windows source and binaries can be found on <a 
href="https://windows.php.net/download/";>windows.php.net/download/</a>.
+The list of changes is recorded in the <a 
href="https://www.php.net/ChangeLog-8.php#8.3.29";>ChangeLog</a>.
+</p>    </div>
+  </content>
+</entry>
diff --git a/include/release-qa.php b/include/release-qa.php
index 193047b689..f781064798 100644
--- a/include/release-qa.php
+++ b/include/release-qa.php
@@ -75,12 +75,12 @@
         'active'  => true,
         'release' => [
             'type'       => 'RC',
-            'number'     => 1,
-            'sha256_bz2' => 
'b82bc56afcdd406f2f28611612bb51b21805b7cf222c97d6bfa2fdc1918145b0',
-            'sha256_gz'  => 
'c74b7e27b06ec12e8d1e9e04baac084bd5ff1aff41cc640ab431a7a51eac8914',
-            'sha256_xz'  => 
'f405920ef2281b47a97bd6972c78917922c9c174e00576791a96f32713696d56',
+            'number'     => 0,
+            'sha256_bz2' => '',
+            'sha256_gz'  => '',
+            'sha256_xz'  => '',
             'date'       => '04 Dec 2025',
-            'baseurl'    => 'https://downloads.php.net/~eric/',
+            'baseurl'    => 'https://downloads.php.net/',
         ],
     ],
 
diff --git a/include/releases.inc b/include/releases.inc
index 39e730cf62..215c71eab6 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -2,6 +2,42 @@
 $OLDRELEASES = array (
   8 => 
   array (
+    '8.3.28' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/8_3_28.php',
+      ),
+      'tags' => 
+      array (
+      ),
+      'date' => '20 Nov 2025',
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-8.3.28.tar.gz',
+          'name' => 'PHP 8.3.28 (tar.gz)',
+          'sha256' => 
'2f7dda35bbef2842ec61510aaefe52c78361a61f9cfabd99a7789204d6383d9f',
+          'date' => '20 Nov 2025',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-8.3.28.tar.bz2',
+          'name' => 'PHP 8.3.28 (tar.bz2)',
+          'sha256' => 
'd5b385ee351ec463c85d47eeb53b51156f3483eaf3ff43a7ad5080c2b6d4c557',
+          'date' => '20 Nov 2025',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-8.3.28.tar.xz',
+          'name' => 'PHP 8.3.28 (tar.xz)',
+          'sha256' => 
'25e3860f30198a386242891c0bf9e2955931f7b666b96c3e3103d36a2a322326',
+          'date' => '20 Nov 2025',
+        ),
+      ),
+      'museum' => false,
+    ),
     '8.5.0' => 
     array (
       'announcement' => 
diff --git a/include/version.inc b/include/version.inc
index ec358f16a8..c01b287608 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -46,13 +46,13 @@ $RELEASES = (function () {
 
     /* PHP 8.3 Release */
     $data['8.3'] = [
-        'version' => '8.3.28',
-        'date' => '20 Nov 2025',
-        'tags' => [], // Set to ['security'] for security releases.
+        'version' => '8.3.29',
+        'date' => '18 Dec 2025',
+        'tags' => ['security'], // Set to ['security'] for security releases.
         'sha256' => [
-            'tar.gz' => 
'2f7dda35bbef2842ec61510aaefe52c78361a61f9cfabd99a7789204d6383d9f',
-            'tar.bz2' => 
'd5b385ee351ec463c85d47eeb53b51156f3483eaf3ff43a7ad5080c2b6d4c557',
-            'tar.xz' => 
'25e3860f30198a386242891c0bf9e2955931f7b666b96c3e3103d36a2a322326',
+            'tar.gz' => 
'8565fa8733c640b60da5ab4944bf2d4081f859915b39e29b3af26cf23443ed97',
+            'tar.bz2' => 
'c7337212e655325d499ea8108fa76f69ddde2fff7cb0fad36aa63eed540cb8a5',
+            'tar.xz' => 
'f7950ca034b15a78f5de9f1b22f4d9bad1dd497114d175cb1672a4ca78077af5',
         ]
     ];
 
diff --git a/releases/8_3_29.php b/releases/8_3_29.php
new file mode 100644
index 0000000000..ce3f8c66ac
--- /dev/null
+++ b/releases/8_3_29.php
@@ -0,0 +1,16 @@
+<?php
+$_SERVER['BASE_PAGE'] = 'releases/8_3_29.php';
+include_once __DIR__ . '/../include/prepend.inc';
+site_header('PHP 8.3.29 Release Announcement');
+?>
+<h1>PHP 8.3.29 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP 
8.3.29. This is a security release.</p>
+
+<p>All PHP 8.3 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.3.29 please visit our <a 
href="https://www.php.net/downloads.php";>downloads page</a>,
+Windows source and binaries can be found on <a 
href="https://windows.php.net/download/";>windows.php.net/download/</a>.
+The list of changes is recorded in the <a 
href="https://www.php.net/ChangeLog-8.php#8.3.29";>ChangeLog</a>.
+</p>
+<?php site_footer();

[PHP-WEBMASTER] [web-php] master: Announce PHP 8.3.29

Reply via email to