PHP (64-bit)

What's new in this version:

Core:
- Added the #[NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
- Added the (void) cast to indicate that not using a value is intentional.
- Added get_error_handler(), get_exception_handler() functions.
- Added support for casts in constant expressions.
- Added the pipe (|>) operator.
- Added the #[DelayedTargetValidation] attribute to delay target errors for internal attributes from compile time to runtime.
- Added support for `final` with constructor property promotion.
- Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers
- Added PHP_BUILD_PROVIDER constant.
- Added PHP_BUILD_DATE constant.
- Added support for Closures and first class callables in constant expressions.
- Add support for backtraces for fatal errors.
- Add clone-with support to the clone() function.
- Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
- Fixed AST printing for immediately invoked Closure.
- Properly handle __debugInfo() returning an array reference.
- Properly handle reference return value from __toString()
- Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
- Fixed bug GH-15753 and GH-16198 (Bind traits before parent class)
- Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit)
- Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval)
- Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions)
- Fixed bug GH-19844 (Don't bail when closing resources on shutdown)
- Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error)
- Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval)
- Fixed bug GH-20002 (Broken build on *BSD with MSAN)
- Fixed bug GH-19352 (Cross-compilation with musl C library)
- Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks)
- Fixed hard_timeout with --enable-zend-max-execution-timers.
- Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array)
- Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when using OPcache)
- Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured)
- Fixed bug GH-19719 (Allow empty statements before declare(strict_types))
- Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv)
- Fixed bug GH-19613 (Stale array iterator pointer)
- Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge)
- Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0)
- Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning)
- Fixed bug GH-19476 (pipe operator fails to correctly handle returning by reference)
- Fixed bug GH-19081 (Wrong lineno in property error with constructor property promotion)
- Fixed bug GH-17959 (Relax missing trait fatal error to error exception)
- Fixed bug GH-18033 (NULL-ptr dereference when using register_tick_function in destructor)
- Fixed bug GH-18026 (Improve "expecting token" error for ampersand)
- The report_memleaks INI directive has been deprecated.
- Fixed OSS-Fuzz #439125710 (Pipe cannot be used in write context)
- Fixed bug GH-19548 (Shared memory violation on property inheritance)
- Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references)
- Fixed bug GH-18373 (Don't substitute self/parent with anonymous class)
- Fix support for non-userland stream notifiers.
- Fixed bug GH-19305 (Operands may be being released during comparison)
- Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator)
- Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes)
- Fix OSS-Fuzz #427814452 (pipe compilation fails with assert)
- Fixed bug GH-16665 (array and callable should not be usable in class_alias)
- Use `clock_gettime_nsec_np()` for high resolution timer on macOS if available.
- Make `clone()` a function.
- Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 on x86_64 or aarch64.
- Enacted the follow-up phase of the "Path to Saner Increment/Decrement operators" RFC, meaning that incrementing non-numeric strings is now deprecated. (Girgias)
- Various closure binding issues are now deprecated.
- Constant redeclaration has been deprecated.
- Marks the stack as non-executable on Haiku.
- Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string is now deprecated.
- Using null as an array offset or when calling array_key_exists() is now deprecated.
- The disable_classes INI directive has been removed.
- The locally predefined variable $http_response_header is deprecated.
- Non-canonical cast names (boolean), (integer), (double), and (binary) have been deprecated.
- The $exclude_disabled parameter of the get_defined_functions() function has been deprecated, as it no longer has any effect since PHP 8.0.
- Terminating case statements with a semicolon instead of a colon has been deprecated.
- The backtick operator as an alias for shell_exec() has been deprecated.
- Returning null from __debugInfo() has been deprecated.
- Support #[Override] on properties.
- Destructing non-array values (other than NULL) using [] or list() now emits a warning.
- Casting floats that are not representable as ints now emits a warning.
- Casting NAN to other types now emits a warning.
- Implement GH-15680 (Enhance zend_dump_op_array to properly represent non-printable characters in string literals)
- Fixed bug GH-17442 (Engine UAF with reference assign and dtor)
- Do not use RTLD_DEEPBIND if dlmopen is available.

BCMath:
- Simplify `bc_divide()` code.
- If the result is 0, n_scale is set to 0.
- If size of BC_VECTOR array is within 64 bytes, stack area is now used.
- Fixed bug GH-20006 (Power of 0 of BcMath number causes UB)

Bz2:
- Fixed bug GH-19810 (Broken bzopen() stream mode validation)

CLI:
- Add --ini=diff to print INI settings changed from the builtin default.
- Drop support for -z CLI/CGI flag.
- Fixed GH-17956 - development server 404 page does not adapt to mobiles.
- Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
- Fixed bug GH-19461 (Improve error message on listening error with IPv6 address)

COM:
- Fixed property access of PHP objects wrapped in variant.
- Fixed method calls for PHP objects wrapped in variant.

Curl:
- Added CURLFOLLOW_ALL, CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option.
- Added curl_multi_get_handles()
- Added curl_share_init_persistent()
- Added CURLINFO_USED_PROXY, CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED support to curl_getinfo.
- Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan)
- Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan)
- Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS.
- The curl_close() function has been deprecated.
- The curl_share_close() function has been deprecated.
- Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.

Date:
- Fix undefined behaviour problems regarding integer overflow in extreme edge cases.
- The DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been deprecated.
- Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
- Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
- The __wakeup() magic method of DateTimeInterface, DateTime, DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been deprecated in favour of the __unserialize() magic method.

DOM:
- Added DomElement::$outerHTML
- Added DomElement::insertAdjacentHTML()
- Added $children property to ParentNode implementations
- Make cloning DOM node lists, maps, and collections fail
- Added DomElement::getElementsByClassName()
- Fixed bug GH-18877 (DomHTMLDocument querySelectorAll selecting only the first when using ~ and :has)
- Fix getNamedItemNS() incorrect namespace check

Enchant:
- Added enchant_dict_remove_from_session()
- Added enchant_dict_remove()
- Fix missing empty string checks

EXIF:
- Add OffsetTime* Exif tags.
- Added support to retrieve Exif from HEIF file
- Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop)
- Fix OSS-Fuzz #442954659 (Crash in exif_scan_HEIF_header)
- Various hardening fixes to HEIF parsing

FileInfo:
- The finfo_close() function has been deprecated
- The $context parameter of the finfo_buffer() function has been deprecated as it is ignored.
- Upgrade to file 5.46.
- Change return type of finfo_close() to true

Filter:
- Added support for configuring the URI parser for FILTER_VALIDATE_URL
- Fixed bug GH-16993 (filter_var_array with FILTER_VALIDATE_INT|FILTER_NULL_ON_FAILURE should emit warning for invalid filter usage)

FPM:
- Fixed bug GH-19817 (Decode SCRIPT_FILENAME issue in php 8.5)
- Fixed bug GH-19989 (PHP 8.5 FPM access log lines also go to STDERR)
- Fixed GH-17645 (FPM with httpd ProxyPass does not decode script path)
- Make FPM access log limit configurable using log_limit
- Fixed failed debug assertion when php_admin_value setting fails
- Fixed GH-8157 (post_max_size evaluates .user.ini too late in php-fpm)

GD:
- Fixed bug #68629 (Transparent artifacts when using imagerotate)
- Fixed bug #64823 (ZTS GD fails to find system TrueType font)
- Fix incorrect comparison with result of php_stream_can_cast()
- The imagedestroy() function has been deprecated.

Iconv:
- Extends the ICONV_CONST preprocessor for illumos/solaris.

Intl:
- Bumped ICU requirement to ICU >= 57.1.
- IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an exception with uninitialised classes or clone failure.
- Added DECIMAL_COMPACT_SHORT/DECIMAL_COMPACT_LONG for NumberFormatter class.
- Added Locale::isRightToLeft to check if a locale is written right to left.
- Added null bytes presence in locale inputs for Locale class.
- Added grapheme_levenshtein() function.
- Added Locale::addLikelySubtags/Locale::minimizeSubtags to handle adding/removing likely subtags to a locale.
- Added IntlListFormatter class to format a list of items with a locale, operands types and units.
- Added grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), grapheme_strripos(), grapheme_substr(), grapheme_strstr(), grapheme_stristr() and grapheme_levenshtein() functions add $locale parameter (Yuya Hamada)
- Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter)
- Fixed bug GH-18566 ([intl] Weird numeric sort in Collator)
- Fix return value on failure for resourcebundle count handler.
- Fixed bug GH-19307 (PGO builds of shared ext-intl are broken)
- Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a IntlException now.
- The intl.error_level INI setting has been deprecated.

LDAP:
- Allow ldap_get_option to retrieve global option by allowing NULL for connection instance ($ldap)

MBstring:
- Updated Unicode data tables to Unicode 17.0.

MySQLi:
- Fixed bugs GH-17900 and GH-8084 (calling mysqli::__construct twice)
- The mysqli_execute() alias function has been deprecated.

MySQLnd:
- Added mysqlnd.collect_memory_statistics to ini quick reference.

ODBC:
- Removed driver-specific build flags and support.
- Remove ODBCVER and assume ODBC 3.5.

Opcache:
- Make OPcache non-optional (Arnaud, timwolla)
- Added opcache.file_cache_read_only.
- Updated default value of opcache.jit_hot_loop.
- Log a warning when opcache lock file permissions could not be changed.
- Fixed bug GH-20012 (heap buffer overflow in jit)
- Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments)
- Disallow changing opcache.memory_consumption when SHM is already set up.
- Fixed bug GH-15074 (Compiling opcache statically into ZTS PHP fails)
- Fixed bug GH-17422 (OPcache bypasses the user-defined error handler for deprecations)
- Fixed bug GH-19301 (opcache build failure)
- Fixed bug GH-20081 (access to uninitialized vars in preload_load())
- Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15)
- Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess)
- Fixed segfault in function JIT due to NAN to bool warning.
- Fixed bug GH-19984 (Double-free of EG(errors)/persistent_script->warnings on persist of already persisted file)
- Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func())
- Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex)
- Fixed bug GH-19831 (function JIT may not deref property value)
- Fixed bug GH-19486 (Incorrect opline after deoptimization)
- Fixed bug GH-19601 (Wrong JIT stack setup on aarch64/clang)
- Fixed bug GH-19388 (Broken opcache.huge_code_pages)
- Fixed bug GH-19657 (Build fails on non-glibc/musl/freebsd/macos/win platforms)
- Fixed ZTS OPcache build on Cygwin.
- Fixed bug GH-19493 (JIT variable not stored before YIELD)

OpenSSL:
- Added openssl.libctx INI that allows to select the OpenSSL library context type and convert various parts of the extension to use the custom libctx.
- Add $digest_algo parameter to openssl_public_encrypt() and openssl_private_decrypt() functions.
- Implement #81724 (openssl_cms_encrypt only allows specific ciphers)
- Implement #80495 (Enable to set padding in openssl_(sign|verify)
- Implement #47728 (openssl_pkcs7_sign ignores new openssl flags)
- Fixed bug GH-19994 (openssl_get_cipher_methods inconsistent with fetching)
- Fixed build when --with-openssl-legacy-provider set.
- Fixed bug GH-19369 (8.5 | Regression in openssl_sign() - support for alias algorithms appears to be broken)
- The $key_length parameter for openssl_pkey_derive() has been deprecated.

Output:
- Fixed calculation of aligned buffer size.

PCNTL:
- Extend pcntl_waitid with rusage parameter.

PCRE:
- Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options.

PDO:
- Fixed bug GH-20095 (Incorrect class name in deprecation message for PDO mixins)
- Driver specific methods and constants in the PDO class are now deprecated.
- The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs.

PDO_ODBC:
- Fetch larger block sizes and better handle SQL_NO_TOTAL when calling SQLGetData.

PDO_PGSQL:
- Added Iterable support for PDO::pgsqlCopyFromArray.
- Implement GH-15387 PdoPgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or PdoPgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy instead of storing the whole result set in memory (Guillaume Outters)

PDO_SQLITE:
- Add PDOSqlite::ATTR_TRANSACTION_MODE connection attribute.
- Implement GH-17321: Add setAuthorizer to PdoSqlite.
- PDO::sqliteCreateCollation now throws a TypeError if the callback has a wrong return type.
- Added Pdo_Sqlite::ATTR_BUSY_STATEMENT constant to check if a statement is currently executing.
- Added Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT constant to set a statement in either EXPLAIN_MODE_PREPARED, EXPLAIN_MODE_EXPLAIN, EXPLAIN_MODE_EXPLAIN_QUERY_PLAN modes.
- Fix bug GH-13952 (sqlite PDO::quote silently corrupts strings with null bytes) by throwing on null bytes.

PGSQL:
- Added pg_close_stmt to close a prepared statement while allowing its name to be reused.
- Added Iterable support for pgsql_copy_from.
- pg_connect checks if connection_string contains any null byte, pg_close_stmt check if the statement contains any null byte.
- Added pg_service to get the connection current service identifier.
- Fix segfaults when attempting to fetch row into a non-instantiable class name.

Phar:
- Fix potential buffer length truncation due to usage of type int instead of type size_t.
- Fixed memory leaks when verifying OpenSSL signature.

POSIX:
- Added POSIX_SC_OPEN_MAX constant to get the number of file descriptors a process can handle.
- posix_ttyname() sets last_error to EBADF on invalid file descriptors, posix_isatty() raises E_WARNING on invalid file descriptors, posix_fpathconf checks invalid file descriptors.
- posix_kill and posix_setpgid throws a ValueError on invalid process_id.
- posix_setpgid throws a ValueError on invalid process_group_id, posix_setrlimit throws a ValueError on invalid soft_limit and hard_limit arguments.

Random:
- Moves from /dev/urandom usage to arc4random_buf on Haiku.

Reflection:
- Added ReflectionConstant::getExtension() and ::getExtensionName()
- Added ReflectionProperty::getMangledName() method.
- ReflectionConstant is no longer final.
- The setAccessible() methods of various Reflection objects have been deprecated, as those no longer have an effect.
- ReflectionClass::getConstant() for constants that do not exist has been deprecated.
- ReflectionProperty::getDefaultValue() for properties without default values has been deprecated.
- Fixed bug GH-12856 (ReflectionClass::getStaticPropertyValue() returns UNDEF zval for uninitialized typed properties)
- Fixed bug GH-15766 (ReflectionClass::__toString() should have better output for enums)
- Fix GH-19691 (getModifierNames() not reporting asymmetric visibility)
- Fixed bug GH-17927 (Reflection: have some indication of property hooks in `_property_string()`)
- Fixed bug GH-19187 (ReflectionNamedType::getName() prints nullable type when retrieved from ReflectionProperty::getSettableType())
- Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true for classes with property hooks)

SAPI:
- Fixed bug GH-18582 and #81451: http_response_code() does not override the status code generated by header()

Session:
- session_start() throws a ValueError on option argument if not a hashmap or a TypeError if read_and_close value is not compatible with int.
- Added support for partitioned cookies.
- Fix RC violation of session SID constant deprecation attribute.
- Fixed GH-19197: build broken with ZEND_STRL usage with memcpy when implemented as macro.

SimpleXML:
- Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return types than node lists)

SNMP:
- snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw an exception on invalid hostname, community timeout and retries arguments.

SOAP:
- Added support for configuring the URI parser for SoapClient::__doRequest()
- Implement request #55503 (Extend __getTypes to support enumerations)
- Implement request #61105 (Support Soap 1.2 SoapFault Reason Text lang attribute)
- Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action" header is correct)
- Fix namespace handling of WSDL and XML schema in SOAP, fixing at least GH-16320 and bug #68576.
- Fixed bug #70951 (Segmentation fault on invalid WSDL cache)
- Fixed bug GH-19773 (SIGSEGV due to uninitialized soap_globals->lang_en)
- Fixed bug GH-19226 (Segfault when spawning new thread in soap extension)

Sockets:
- Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage.
- Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD.
- Added IP_BINDANY for a socket to bind to any address.
- Added SO_BUSY_POOL to reduce packets poll latency.
- Added UDP_SEGMENT support to optimise multiple large datagrams over UDP if the kernel and hardware supports it.
- Added SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown()
- Added TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM, TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants.
- socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO with timeout setting on windows.
- socket_create_listen() throws an exception on invalid port value.
- socket_bind() throws an exception on invalid port value.
- socket_sendto() throws an exception on invalid port value.
- socket_addrinfo_lookup throws an exception on invalid hints value types.
- socket_addrinfo_lookup throws an exception if any of the hints value overflows.
- socket_addrinfo_lookup throws an exception if one or more hints entries has an index as numeric.
- socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP will throw an exception if its value is not a valid array/object.
- socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket.
- socket_set_option for multicast context throws a ValueError when the socket family is not of AF_INET/AF_INET6 family.

Sodium:
- Fix overall theoretical overflows on zend_string buffer allocations.

SPL:
- Fixed bug GH-20101 (SplHeap/SplPriorityQueue serialization exposes INDIRECTs)
- Improve __unserialize() hardening for SplHeap/SplPriorityQueue.
- Deprecate ArrayObject and ArrayIterator with objects.
- Unregistering all autoloaders by passing the spl_autoload_call() function as a callback argument to spl_autoload_unregister() has been deprecated. Instead if this is needed, one should iterate over the return value of spl_autoload_functions() and call spl_autoload_unregister() on each value.
- The SplObjectStorage::contains(), SplObjectStorage::attach(), and SplObjectStorage::detach() methods have been deprecated in favour of SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and SplObjectStorage::offsetUnset() respectively.

Sqlite:
- Added Sqlite3Stmt::busy to check if a statement is still being executed.
- Added Sqlite3Stmt::explain to produce an explain query plan from the statement.
- Added Sqlite3Result::fetchAll to return all results at once from a query.

Standard:
- Add HEIF/HEIC support to getimagesize.
- Added support for partitioned cookies.
- Implement #71517 (Implement SVG support for getimagesize() and friends)
- Implement GH-19188: Add support for new INI mail.cr_lf_mode.
- Optimized PHP html_entity_decode function.
- Minor optimization to array_chunk()
- Optimized pack()
- Fixed crypt() tests on musl when using --with-external-libcrypt (Michael Orlitzky)
- Fixed bug GH-18062 (is_callable(func(...), callable_name: $name) for first class callables returns wrong name)
- Added array_first() and array_last()
- Fixed bug GH-18823 (setlocale's 2nd and 3rd argument ignores strict_types)
- Fixed exit code handling of sendmail cmd and added warnings.
- Fixed bug GH-18897 (printf: empty precision is interpreted as precision 6, not as precision 0)
- Fixed bug GH-20257 (mail() heap overflow with an empty message in lf mode)
- Fixed bug GH-20201 (AVIF images misdetected as HEIF after introducing HEIF support in getimagesize())
- Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set)
- Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump())
- Fixed GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their data on serialize())
- Fixed GH-19610 (Deprecation warnings in functions taking as argument)
- Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator)
- Fixed bug GH-19153 (#[Attribute] validation should error on trait/interface/enum/abstract class)
- Fixed bug GH-19070 (setlocale($type, NULL) should not be deprecated)
- Fixed bug GH-16649 (UAF during array_splice)
- Passing strings which are not one byte long to ord() is now deprecated.
- Passing integers outside the interval [0, 255] to chr() is now deprecated.
- The socket_set_timeout() alias function has been deprecated.
- Passing null to readdir(), rewinddir(), and closedir() to use the last opened directory has been deprecated.

Streams:
- Fixed bug GH-16889 (stream_select() timeout useless for pipes on Windows)
- Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64.
- Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler causes heap corruption)
- Avoid double conversion to string in php_userstreamop_readdir()

Tests:
- Allow to shuffle tests even in non-parallel mode.

Tidy:
- tidy::__construct/parseFile/parseString methods throw an exception if the configuration argument is invalid.
- Fixed GH-19021 (improved tidyOptGetCategory detection)

Tokenizer:
- Fixed bug GH-19507 (Corrupted result after recursive tokenization during token_get_all())

URI:
- Add new URI extension

Windows:
- Fixed bug GH-10992 (Improper long path support for relative paths)
- Fixed bug GH-16843 (Windows phpize builds ignore source subfolders)
- Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket)

XML:
- The xml_parser_free() function has been deprecated
- XMLWriter:
- Improved performance and reduce memory consumption

XSL:
- Implement request #30622 (make $namespace parameter functional)

Zlib:
- gzfile, gzopen and readgzfile, their "use_include_path" argument is now a boolean
- Fixed bug GH-16883 (gzopen() does not use the default stream context when opening HTTP URLs)
- Implemented GH-17668 (zlib streams should support locking)

Zip:
- Fixed missing zend_release_fcall_info_cache on the following methods ZipArchive::registerProgressCallback() and ZipArchive::registerCancelCallback() on failure