PHP 8.5 UPGRADE NOTES 1. Backward Incompatible Changes 2. New Features 3. Changes in SAPI modules 4. Deprecated Functionality 5. Changed Functions 6. New Functions 7. New Classes and Interfaces 8. Removed Extensions and SAPIs 9. Other Changes to Extensions 10. New Global Constants 11. Changes to INI File Handling 12. Windows Support 13. Other Changes 14. Performance Improvements ======================================== 1. Backward Incompatible Changes ======================================== - BZ2: . bzcompress() now throws a ValueError when $block_size is not between 1 and 9. . bzcompress() now throws a ValueError when $work_factor is not between 0 and 250. - Core: . It is no longer possible to use "array" and "callable" as class alias names in class_alias(). . Loosely comparing uncomparable objects (e.g. enums, \CurlHandle and other internal classes) to booleans was previously inconsistent. If compared to a boolean literal $object == true, it would behave the same way as (bool) $object. If compared to a statically unknown value $object == $true, it would always return false. This behavior was consolidated to always follow the behavior of (bool) $object. . The return value of gc_collect_cycles() no longer includes strings and resources that were indirectly collected through cycles. . It is now allowed to substitute static with self or the concrete class name in final subclasses. . The tick handlers are now deactivated after all shutdown functions, destructors have run and the output handlers have been cleaned up. This is a consequence of fixing GH-18033. . Traits are now bound before the parent class. This is a subtle behavioral change, but should closer match user expectations, demonstrated by GH-15753 and GH-16198. - FileInfo: . finfo_file() and finfo::file() now throws a ValueError instead of a TypeError when $filename contains nul bytes. This aligns the type of Error thrown to be consistent with the rest of the language. - Intl: . The extension now requires at least ICU 57.1. - LDAP: . ldap_get_option() and ldap_set_option() now throw a ValueError when passing an invalid option. - MySQLi: . Calling the mysqli constructor on an already-constructed object is now no longer possible and throws an Error. - PCNTL: . pcntl_exec() now throws ValueErrors when entries of the $args parameter contain null bytes. . pcntl_exec() now throws ValueErrors when entries or keys of the $env_vars parameter contain null bytes. - PCRE: . The extension is compiled without semi-deprecated PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK compile option. https://github.com/PCRE2Project/pcre2/issues/736#issuecomment-2754024651 - PDO: . The constructor arguments set in conjunction with PDO::FETCH_CLASS now follow the usual CUFA (call_user_func_array) semantics. This means string keys will act like a named argument. Moreover, automatic wrapping for by-value arguments passed to a by-ref parameter has been removed, and the usual E_WARNING about this is now emitted. To pass a variable by-ref to a constructor argument use the general array value reference assignment: $ctor_args = [&$valByRef] . Attempting to call PDOStatement::setFetchMode during a call to PDO::fetch(), PDO::fetchObject(), PDO::fetchAll(), for example using tricks such as passing the statement object as a constructor argument when fetching into an object, will now throw an Error. . The value of the constants PDO::FETCH_GROUP, PDO::FETCH_UNIQUE, PDO::FETCH_CLASSTYPE, PDO::FETCH_PROPS_LATE, and PDO::FETCH_SERIALIZE has changed. . A ValueError is now thrown if PDO::FETCH_PROPS_LATE is used with a fetch mode different than PDO::FETCH_CLASS, consistent with other fetch flags. . A ValueError is now thrown if PDO::FETCH_INTO is used as a fetch mode in PDO::fetchAll(), similar to PDO::FETCH_LAZY. - PDO_FIREBIRD: . A ValueError is now thrown when trying to set a cursor name that is too long on a PDOStatement resulting from the Firebird driver. - SimpleXML: . Passing an XPath expression that returns something other than a node set to SimpleXMLElement::xpath() will now emit a warning and return false, instead of silently failing and returning an empty array. - SPL: . ArrayObject no longer accepts enums, as modifying the $name or $value properties can break engine assumptions. . SplFileObject::fwrite's parameter $length is now nullable. The default value changed from 0 to null. ======================================== 2. New Features ======================================== - Core: . Closure is now a proper subtype of callable . Added support for Closures and first class callables in constant expressions. RFC: https://wiki.php.net/rfc/closures_in_const_expr RFC: https://wiki.php.net/rfc/fcc_in_const_expr . Fatal Errors (such as an exceeded maximum execution time) now include a backtrace. RFC: https://wiki.php.net/rfc/error_backtraces_v2 . Added the #[\NoDiscard] attribute to indicate that a function's return value is important and should be consumed. RFC: https://wiki.php.net/rfc/marking_return_value_as_important . Added the (void) cast to indicate that not using a value is intentional. The (void) cast has no effect on the program's execution by itself, but it can be used to suppress warnings emitted by #[\NoDiscard] and possibly also diagnostics emitted by external IDEs or static analysis tools. RFC: https://wiki.php.net/rfc/marking_return_value_as_important . Added asymmetric visibility support for static properties. RFC: https://wiki.php.net/rfc/static-aviz . Added support for casts in constant expressions. . Added support for attributes on compile-time non-class constants. RFC: https://wiki.php.net/rfc/attributes-on-constants . The #[\Deprecated] attribute can now be used on constants. RFC: https://wiki.php.net/rfc/attributes-on-constants - Curl: . Added support for share handles that are persisted across multiple PHP requests, safely allowing for more effective connection reuse. RFC: https://wiki.php.net/rfc/curl_share_persistence_improvement . Added support for CURLINFO_USED_PROXY (libcurl >= 8.7.0), CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED (libcurl >= 8.12.0) to the curl_getinfo() function. When curl_getinfo() returns an array, the same information is available as "used_proxy", "httpauth_used", and "proxyauth_used" keys. CURLINFO_USED_PROXY gets zero set if no proxy was used in the previous transfer or a non-zero value if a proxy was used. CURLINFO_HTTPAUTH_USED and CURLINFO_PROXYAUTH_USED get bitmasks indicating the http and proxy authentication methods that were used in the previous request. See CURLAUTH_* constants for possible values. . Added CURLOPT_INFILESIZE_LARGE Curl option, which is a safe replacement for CURLOPT_INFILESIZE. On certain systems, CURLOPT_INFILESIZE only accepts a 32-bit signed integer as the file size (2.0 GiB) even on 64-bit systems. CURLOPT_INFILESIZE_LARGE accepts the largest integer value the system can handle. . Added CURLFOLLOW_OBEYCODE, CURLFOLLOW_FIRSTONLY and CURLFOLLOW_ALL values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option. CURLFOLLOW_OBEYCODE to follow more strictly in regard of redirect if they are allowed. CURLFOLLOW_FIRSTONLY to follow only the first redirect thus if there any follow up redirect, it won't go any further. CURLFOLLOW_ALL is equivalent to set CURLOPT_FOLLOWLOCATION to true. - DOM: . Added Dom\Element::$outerHTML. - EXIF: . Add OffsetTime* Exif tags. - Intl: . Added class constants NumberFormatter::CURRENCY_ISO, NumberFormatter::CURRENCY_PLURAL, NumberFormatter::CASH_CURRENCY, and NumberFormatter::CURRENCY_STANDARD for various currency-related number formats. - XSL: . The $namespace argument of XSLTProcessor::getParameter(), XSLTProcessor::setParameter() and XSLTProcessor::removeParameter() now actually works instead of being treated as empty. This only works if the $name argument does not use Clark notation and is not a QName because in those cases the namespace is taken from the namespace href or prefix respectively. - Zlib: . flock() is now supported on zlib streams. Previously, this always failed to perform any locking action. ======================================== 3. Changes in SAPI modules ======================================== - CLI: . Trying to set a process title that is too long with cli_set_process_title() will now fail instead of silently truncating the given title. . Added a new --ini=diff option to print INI settings changed from the builtin default. - FPM: . FPM with httpd ProxyPass decodes the full script path. Added fastcgi.script_path_encoded INI setting to prevent this new behavior. ======================================== 4. Deprecated Functionality ======================================== - Hash: . The MHASH_* constants have been deprecated. These have been overlooked when the mhash*() function family has been deprecated per https://wiki.php.net/rfc/deprecations_php_8_1#mhash_function_family ======================================== 5. Changed Functions ======================================== - Intl: . IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an IntlException on uninitialised classes/clone failures. . grapheme_extract() properly assigns $next value when skipping over invalid starting bytes. Previously there were cases where it would point to the start of the grapheme boundary instead of the end. . Locale:: methods throw a ValueError when locale inputs contain null bytes. - libxml: . libxml_set_external_entity_loader() now has a formal return type of true. - PCNTL: . pcntl_exec() now has a formal return type of false. - PDO_PGSQL: . PDO::pgsqlCopyFromArray also supports inputs as Iterable. . Pdo\Pgsql::setAttribute and Pdo\Pgsql::prepare supports PDO::ATTR_PREFETCH sets to 0 which set to lazy fetch mode. In this mode, statements cannot be run parallely. - PDO_SQLITE: . SQLite PDO::quote() will now throw an exception or emit a warning, depending on the error mode, if the string contains a null byte. - PGSQL: . pg_copy_from also supports inputs as Iterable. . pg_connect checks if the connection_string argument contains any null byte. . pg_close_stmt checks if the statement_name argument contains any null byte. - POSIX: . posix_ttyname sets last_error to EBADF when encountering an invalid file descriptor. . posix_isatty raises an E_WARNING message when encountering an invalid file descriptor. . posix_fpathconf checks invalid file descriptors and sets last_error to EBADF and raises an E_WARNING message. - Reflection: . The output of ReflectionClass::toString() for enums has changed to better indicate that the class is an enum, and that the enum cases are enum cases rather than normal class constants. - Session: . session_start is stricter in regard of the option argument. It throws a ValueError if the whole is not a hashmap or a TypeError if read_on_close value is not a valid type compatible with int. - SNMP: . snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw a ValueError when the hostname is too large, contains any null byte or if the port is given when negative or greater than 65535, timeout and retries values are lower than -1 or too large. - Sockets: . socket_create_listen, socket_bind and socket_sendto throw a ValueError if the port is lower than 0 or greater than 65535, also if any of the hints array entry is indexes numerically. . socket_addrinfo_lookup throws a TypeError if any of the hints values cannot be cast to a int and can throw a ValueError if any of these values overflow. . socket_set_option with MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP options will throw an exception if the value isn't a valid object or array. . socket_create/socket_bind can create AF_PACKET family sockets. . socket_getsockname gets the interface index and its string representation with AF_PACKET socket. - Zlib: . The "use_include_path" argument for the gzfile, gzopen and readgzfile functions had been changed from int to boolean. . gzfile, gzopen and readgzfile functions now respect the default stream context. ======================================== 6. New Functions ======================================== - Core: . get_error_handler() allows retrieving the current user-defined error handler function. RFC: https://wiki.php.net/rfc/get-error-exception-handler . get_exception_handler() allows retrieving the current user-defined exception handler function. RFC: https://wiki.php.net/rfc/get-error-exception-handler - Curl: . curl_multi_get_handles() allows retrieving all CurlHandles current attached to a CurlMultiHandle. This includes both handles added using curl_multi_add_handle() and handles accepted by CURLMOPT_PUSHFUNCTION. . curl_share_init_persistent() allows creating a share handle that is persisted across multiple PHP requests. RFC: https://wiki.php.net/rfc/curl_share_persistence_improvement - DOM: . Added Dom\Element::insertAdjacentHTML(). - Enchant: . Added enchant_dict_remove_from_session() to remove a word added to the spellcheck session via enchant_dict_add_to_session(). . Added enchant_dict_remove() to put a word on the exclusion list and remove it from the session dictionary. - Intl: . Added locale_is_right_to_left/Locale::isRightToLeft, returns true if the locale is written right to left (after its enrichment with likely subtags). . Added grapheme_levenshtein() function. RFC: https://wiki.php.net/rfc/grapheme_levenshtein - Pdo\Sqlite: . Added support for Pdo\Sqlite::setAuthorizer(), which is the equivalent of SQLite3::setAuthorizer(). The only interface difference is that the pdo version returns void. - PGSQL: . pg_close_stmt offers an alternative way to close a prepared statement from the DEALLOCATE sql command in that we can reuse its name afterwards. . pg_service returns the ongoing service name of the connection. - Reflection: . ReflectionConstant::getFileName() was introduced. . ReflectionConstant::getExtension() and ReflectionConstant::getExtensionName() were introduced. . ReflectionConstant::getAttributes() was introduced. RFC: https://wiki.php.net/rfc/attributes-on-constants ======================================== 7. New Classes and Interfaces ======================================== - Curl: . CurlSharePersistentHandle representing a share handle that is persisted across multiple PHP requests. RFC: https://wiki.php.net/rfc/curl_share_persistence_improvement ======================================== 8. Removed Extensions and SAPIs ======================================== ======================================== 9. Other Changes to Extensions ======================================== - Curl: . curl_easy_setopt with CURLOPT_FOLLOWLOCATION option's value no longer is treated as boolean but integer to handle CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY. - Fileinfo: . Upgraded to file 5.46. . The return type of finfo_close() has been changed to true, rather than bool. - PCRE: . Upgraded to pcre2lib from 10.44 to 10.45. - Readline: . The return types of readline_add_history(), readline_clear_history(), and readline_callback_handler_install() have been changed to true, rather than bool. ======================================== 10. New Global Constants ======================================== - Core: . PHP_BUILD_DATE. - Curl: . CURLINFO_USED_PROXY. . CURLINFO_HTTPAUTH_USED. . CURLINFO_PROXYAUTH_USED. . CURLOPT_INFILESIZE_LARGE. . CURLFOLLOW_ALL. . CURLFOLLOW_OBEYCODE. . CURLFOLLOW_FIRSTONLY. - Intl: . DECIMAL_COMPACT_SHORT. . DECIMAL_COMPACT_LONG. - POSIX: . POSIX_SC_OPEN_MAX. - Sockets: . IPPROTO_ICMP/IPPROTO_ICMPV6. . TCP_FUNCTION_BLK (FreeBSD only). . TCP_FUNCTION_ALIAS (FreeBSD only). . TCP_REUSPORT_LB_NUMA (FreeBSD only). . TCP_REUSPORT_LB_NUMA_NODOM (FreeBSD only). . TCP_REUSPORT_LB_NUMA_CURDOM (FreeBSD only). . TCP_BBR_ALGORITHM (FreeBSD only). . AF_PACKET (Linux only). . IP_BINDANY (FreeBSD/NetBSD/OpenBSD only). . SO_BUSY_POLL (Linux only). ======================================== 11. Changes to INI File Handling ======================================== - Core: . Added fatal_error_backtraces to control whether fatal errors should include a backtrace. RFC: https://wiki.php.net/rfc/error_backtraces_v2 - Opcache: . Added opcache.file_cache_read_only to support a read-only opcache.file_cache directory, for use with read-only file systems (e.g. read-only Docker containers). Best used with opcache.validate_timestamps=0, opcache.enable_file_override=1, and opcache.file_cache_consistency_checks=0. Note: A cache generated with a different build of PHP, a different file path, or different settings (including which extensions are loaded), may be ignored. ======================================== 12. Windows Support ======================================== * The configuration variables PHP_VERSION, PHP_MINOR_VERSION, and PHP_RELEASE_VERSION are now always numbers. Previously, they have been strings for buildconf builds. * phpize builds now reflect the source tree in the build dir (like that already worked for in-tree builds); some extension builds (especially when using Makefile.frag.w32) may need adjustments. * --enable-sanitzer is now supported for MSVC builds. This enables ASan and debug assertions, and is supported as of MSVC 16.10 and Windows 10. * The --with-uncritical-warn-choke configuration option for clang builds is no longer supported. Select warnings to suppress via CFLAGS instead. * COM: . The extension is now build shared by default; previously it defaulted to a static extension, although the official Windows binaries built a shared extension. * FFI: . It is no longer necessary to specify the library when using FFI::cdef() and FFI::load(). However, this convenience feature should not be used in production. * Streams: . If only pipe streams are contained in the $read array, and the $write and $except arrays are empty, stream_select() now behaves similar to POSIX systems, i.e. the function only returns if at least one pipe is ready to be read, or after the timeout expires. Previously, stream_select() returned immediately, reporting all streams as ready to read. ======================================== 13. Other Changes ======================================== - Core: . The high resolution timer (`hrtime()`) on macOS now uses the recommended `clock_gettime_nsec_np(CLOCK_UPTIME_RAW)` API instead of `mach_absolute_time()`. - CLI/CGI: . The `-z` or `--zend-extension` option has been removed as it was non-functional. Use `-d zend_extension=` instead. ======================================== 14. Performance Improvements ======================================== - Core: . Remove OPcodes for identity comparisons against booleans, particularly for the match(true) pattern. - ReflectionProperty: . Improved performance of the following methods: getValue(), getRawValue(), isInitialized(), setValue(), setRawValue(). - SPL: . Improved performance of dimension accessors and methods of SplFixedArray. - Standard: . Improved performance of array functions with callbacks (array_find, array_filter, array_map, usort, ...). . Improved performance of urlencode() and rawurlencode(). - XMLReader: . Improved property access performance. - XMLWriter: . Improved performance and reduce memory consumption.