Max Pronko

PHP 8.5.4 Released: Stability Improvements and Important Fixes

PHP 8.5.4 Released: Stability Improvements and Important Fixes

On March 12, 2026, the PHP team released PHP 8.5.4, a maintenance update for the PHP 8.5 branch.

This release does not introduce new language features. Instead, it focuses on stability improvements, bug fixes, and internal engine reliability. While these releases often receive less attention than major versions, they are extremely important for production environments.

If you’re running PHP 8.5 in production, upgrading to 8.5.4 is recommended.

Let’s take a closer look at what changed.

What’s Included in PHP 8.5

Before diving into the fixes, it’s worth recalling that PHP 8.5 itself is a significant language update. Some of the most notable features include:

• A new URI extension for working with URLs according to RFC 3986 and WHATWG standards
• The new pipe operator (|>) for chaining function calls
Clone with syntax for updating properties during object cloning
• The #[\NoDiscard] attribute for safer APIs
Closures in constant expressions
Persistent cURL share handles
• New helper functions like array_first() and array_last()

These improvements make PHP code cleaner, safer, and easier to reason about, especially in modern applications.

Now let’s look at the changes in 8.5.4.

Core Engine Fixes

Several important issues in the Zend engine were addressed.

One particularly notable fix resolves a heap corruption issue on Aarch64 builds when using LTO. These kinds of low-level bugs are rare but critical, especially for teams deploying PHP on ARM-based infrastructure.

Another fix resolves a segmentation fault triggered when preloading constant AST closures. Preloading is widely used in high-performance environments (including large Magento installations), so stability improvements here are important.

Additional fixes address crashes involving:

• constant expressions with (unset) casts
• JIT behavior when accessing null array keys
• lazy object reflection interactions
• property guards on Reflection LazyProxy objects

These are edge cases, but they affect advanced runtime behavior and tooling.

Improvements in Extensions

Several PHP extensions received fixes in this release.

cURL

A bug was fixed where length values could be truncated, potentially affecting certain requests. While this does not affect most applications directly, it’s important for systems that rely heavily on cURL integrations.

Date

The DatePeriod::__set_state() method could not correctly handle a null start value. This behavior has now been corrected.

Another fix improves timezone offset precision, ensuring that offsets with seconds do not lose accuracy.

DOM

Two issues were fixed where accessing certain Dom\Node properties could incorrectly trigger TypeError exceptions.

These fixes improve the reliability of the DOM extension when working with structured document parsing.

LDAP

The ldap_modify() function previously enforced overly strict validation on control arguments, making it impossible to unset attributes in certain cases. The validation logic has now been corrected.

MBString

One particularly interesting bug involved mb_guess_encoding() crashing when provided with extremely large lists of candidate encodings (200,000+ entries).

While most applications will never hit this limit, the fix improves the robustness of the extension.

Opcache

A fix addresses an “Insufficient shared memory” error when using JIT on Solaris.

There was also a correction related to constant propagation optimization (SCCP) involving arrays containing partially initialized objects.

OpenSSL

Several memory leaks and error propagation issues were resolved. These types of fixes are essential for long-running PHP processes.

Windows

Compilation with clang on Windows was fixed by adding the missing intrin.h include.

Build System Improvements

Two build-related issues were addressed:

• Build failures when compiling with -std= flags
• Incorrect installation of libtool wrappers when using slibtool

These improvements mainly affect developers compiling PHP from source.

Why These Releases Matter

Maintenance releases like PHP 8.5.4 rarely include flashy features, but they play an important role in the stability of the PHP ecosystem.

For production systems, these updates often fix:

• rare crashes
• edge-case runtime bugs
• memory leaks
• platform-specific issues

In large systems — especially high-traffic e-commerce platforms — even small engine fixes can improve overall platform stability.

Should You Upgrade?

If you are already running PHP 8.5, upgrading to 8.5.4 is recommended.

The update includes:

• engine stability fixes
• extension improvements
• better runtime reliability

As always, test the upgrade in staging environments before deploying to production.

Final Thoughts

PHP continues to evolve in a very pragmatic direction: modern language features combined with a strong focus on runtime stability.

With features like the pipe operator, the URI extension, and improvements to cloning and attributes, PHP 8.5 pushes the language further toward a clean, expressive, and developer-friendly future.

At the same time, maintenance releases like 8.5.4 ensure that these features remain stable and reliable in real-world applications.

And that reliability is exactly what production systems depend on.

Posted

in

,

by

Max Pronko

Tags: