Announce PHP 8.3.29

Author: ericmann

ChangeLog-8.php

@@ -2387,6 +2387,109 @@
 
 <a id="PHP_8_3"></a>
 
+<section class="version" id="8.3.29"><!-- {{{ 8.3.29 -->
+<h3>Version 8.3.29</h3>
+<b><?php release_date('18-Dec-2025'); ?></b>
+<ul><li>Core:
+<ul>
+  <li>Sync all boost.context files with release 1.86.0.</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20435); ?> (SensitiveParameter doesn't work for named argument passing to variadic parameter).</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20286); ?> (use-after-destroy during userland stream_close()).</li>
+</ul></li>
+<li>Bz2:
+<ul>
+  <li>Fix assertion failures resulting in crashes with stream filter object parameters.</li>
+</ul></li>
+<li>Date:
+<ul>
+  <li>Fix crashes when trying to instantiate uninstantiable classes via date static constructors.</li>
+</ul></li>
+<li>DOM:
+<ul>
+  <li>Fix missing NUL byte check on C14NFile().</li>
+</ul></li>
+<li>Fibers:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20483); ?> (ASAN stack overflow with fiber.stack_size INI small value).</li>
+</ul></li>
+<li>FTP:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20601); ?> (ftp_connect overflow on timeout).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20511); ?> (imagegammacorrect out of range input/output values).</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20602); ?> (imagescale overflow with large height values).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20426); ?> (Spoofchecker::setRestrictionLevel() error message suggests missing constants).</li>
+</ul></li>
+<li>LibXML:
+<ul>
+  <li>Fix some deprecations on newer libxml versions regarding input buffer/parser handling.</li>
+</ul></li>
+<li>MbString:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20491); ?> (SLES15 compile error with mbstring oniguruma).</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20492); ?> (mbstring compile warning due to non-strings).</li>
+</ul></li>
+<li>MySQLnd:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20528); ?> (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).</li>
+</ul></li>
+<li>Opcache:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20329); ?> (opcache.file_cache broken with full interned string buffer).</li>
+</ul></li>
+<li>PDO:
+<ul>
+  <li>Fixed <?php githubsecurityl('php/php-src', '8xr5-qppj-gvwj'); ?> (PDO quoting result null deref). (CVE-2025-14180)</li>
+</ul></li>
+<li>Phar:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20442); ?> (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub).</li>
+  <li>Fix broken return value of fflush() for phar file entries.</li>
+  <li>Fix assertion failure when fseeking a phar file out of bounds.</li>
+</ul></li>
+<li>PHPDBG:
+<ul>
+  <li>Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20614); ?> (SplFixedArray incorrectly handles references in deserialization).</li>
+</ul></li>
+<li>Standard:
+<ul>
+  <li>Fix memory leak in array_diff() with custom type checks.</li>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20583); ?> (Stack overflow in http_build_query via deep structures).</li>
+  <li>Fixed <?php githubsecurityl('php/php-src', 'www2-q4fc-65wf'); ?> (Null byte termination in dns_get_record()).</li>
+  <li>Fixed <?php githubsecurityl('php/php-src', 'h96m-rvf9-jgm2'); ?> (Heap buffer overflow in array_merge()). (CVE-2025-14178)</li>
+  <li>Fixed <?php githubsecurityl('php/php-src', '3237-qqm7-mfv7'); ?> (Information Leak of Memory in getimagesize). (CVE-2025-14177)</li>
+</ul></li>
+<li>Tidy:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20374); ?> (PHP with tidy and custom-tags).</li>
+</ul></li>
+<li>XML:
+<ul>
+  <li>Fixed bug <?php githubissuel('php/php-src', 20439); ?> (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).</li>
+</ul></li>
+<li>Zip:
+<ul>
+  <li>Fix crash in property existence test.</li>
+  <li>Don't truncate return value of zip_fread() with user sizes.</li>
+</ul></li>
+<li>Zlib:
+<ul>
+  <li>Fix assertion failures resulting in crashes with stream filter object parameters.</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
+
+
 <section class="version" id="8.3.28"><!-- {{{ 8.3.28 -->
 <h3>Version 8.3.28</h3>
 <b><?php release_date('20-Nov-2025'); ?></b>

archive/archive.xml

@@ -9,6 +9,7 @@
     <uri>http://php.net/contact</uri>
     <email>[email protected]</email>
   </author>
+  <xi:include href="entries/2025-12-18-2.xml"/>
   <xi:include href="entries/2025-12-18-1.xml"/>
   <xi:include href="entries/2025-12-17-1.xml"/>
   <xi:include href="entries/2025-11-30-1.xml"/>

archive/entries/2025-12-18-2.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 8.3.29 Released!</title>
+  <id>https://www.php.net/archive/2025.php#2025-12-18-2</id>
+  <published>2025-12-18T15:37:23+00:00</published>
+  <updated>2025-12-18T15:37:23+00:00</updated>
+  <link href="https://www.php.net/index.php#2025-12-18-2" rel="alternate" type="text/html"/>
+  <link href="https://www.php.net/archive/2025.php#2025-12-18-2" rel="via" type="text/html"/>
+  <category term="releases" label="New PHP release"/>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml"><p>The PHP development team announces the immediate availability of PHP 8.3.29. This is a security release.</p>
+
+<p>All PHP 8.3 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.3.29 please visit our <a href="https://www.php.net/downloads.php">downloads page</a>,
+Windows source and binaries can be found on <a href="https://windows.php.net/download/">windows.php.net/download/</a>.
+The list of changes is recorded in the <a href="https://www.php.net/ChangeLog-8.php#8.3.29">ChangeLog</a>.
+</p>    </div>
+  </content>
+</entry>

include/release-qa.php

@@ -75,12 +75,12 @@
         'active'  => true,
         'release' => [
             'type'       => 'RC',
-            'number'     => 1,
-            'sha256_bz2' => 'b82bc56afcdd406f2f28611612bb51b21805b7cf222c97d6bfa2fdc1918145b0',
-            'sha256_gz'  => 'c74b7e27b06ec12e8d1e9e04baac084bd5ff1aff41cc640ab431a7a51eac8914',
-            'sha256_xz'  => 'f405920ef2281b47a97bd6972c78917922c9c174e00576791a96f32713696d56',
+            'number'     => 0,
+            'sha256_bz2' => '',
+            'sha256_gz'  => '',
+            'sha256_xz'  => '',
             'date'       => '04 Dec 2025',
-            'baseurl'    => 'https://downloads.php.net/~eric/',
+            'baseurl'    => 'https://downloads.php.net/',
         ],
     ],
 

include/releases.inc

@@ -2,6 +2,42 @@
 $OLDRELEASES = array (
   8 => 
   array (
+    '8.3.28' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/8_3_28.php',
+      ),
+      'tags' => 
+      array (
+      ),
+      'date' => '20 Nov 2025',
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-8.3.28.tar.gz',
+          'name' => 'PHP 8.3.28 (tar.gz)',
+          'sha256' => '2f7dda35bbef2842ec61510aaefe52c78361a61f9cfabd99a7789204d6383d9f',
+          'date' => '20 Nov 2025',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-8.3.28.tar.bz2',
+          'name' => 'PHP 8.3.28 (tar.bz2)',
+          'sha256' => 'd5b385ee351ec463c85d47eeb53b51156f3483eaf3ff43a7ad5080c2b6d4c557',
+          'date' => '20 Nov 2025',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-8.3.28.tar.xz',
+          'name' => 'PHP 8.3.28 (tar.xz)',
+          'sha256' => '25e3860f30198a386242891c0bf9e2955931f7b666b96c3e3103d36a2a322326',
+          'date' => '20 Nov 2025',
+        ),
+      ),
+      'museum' => false,
+    ),
     '8.5.0' => 
     array (
       'announcement' => 

include/version.inc

@@ -46,13 +46,13 @@ $RELEASES = (function () {
 
     /* PHP 8.3 Release */
     $data['8.3'] = [
-        'version' => '8.3.28',
-        'date' => '20 Nov 2025',
-        'tags' => [], // Set to ['security'] for security releases.
+        'version' => '8.3.29',
+        'date' => '18 Dec 2025',
+        'tags' => ['security'], // Set to ['security'] for security releases.
         'sha256' => [
-            'tar.gz' => '2f7dda35bbef2842ec61510aaefe52c78361a61f9cfabd99a7789204d6383d9f',
-            'tar.bz2' => 'd5b385ee351ec463c85d47eeb53b51156f3483eaf3ff43a7ad5080c2b6d4c557',
-            'tar.xz' => '25e3860f30198a386242891c0bf9e2955931f7b666b96c3e3103d36a2a322326',
+            'tar.gz' => '8565fa8733c640b60da5ab4944bf2d4081f859915b39e29b3af26cf23443ed97',
+            'tar.bz2' => 'c7337212e655325d499ea8108fa76f69ddde2fff7cb0fad36aa63eed540cb8a5',
+            'tar.xz' => 'f7950ca034b15a78f5de9f1b22f4d9bad1dd497114d175cb1672a4ca78077af5',
         ]
     ];
 

releases/8_3_29.php

@@ -0,0 +1,16 @@
+<?php
+$_SERVER['BASE_PAGE'] = 'releases/8_3_29.php';
+include_once __DIR__ . '/../include/prepend.inc';
+site_header('PHP 8.3.29 Release Announcement');
+?>
+<h1>PHP 8.3.29 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP 8.3.29. This is a security release.</p>
+
+<p>All PHP 8.3 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.3.29 please visit our <a href="https://www.php.net/downloads.php">downloads page</a>,
+Windows source and binaries can be found on <a href="https://windows.php.net/download/">windows.php.net/download/</a>.
+The list of changes is recorded in the <a href="https://www.php.net/ChangeLog-8.php#8.3.29">ChangeLog</a>.
+</p>
+<?php site_footer();