From 8db314629a12bac94ddb198cedc9568b3fa399d7 Mon Sep 17 00:00:00 2001 From: Daniel Scherzer Date: Mon, 27 Apr 2026 19:17:32 -0700 Subject: [PATCH 1/2] Update NEWS for URI cherry-pick to 8.5.6 --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 42cbe1c875cd..c5edd0657347 100644 --- a/NEWS +++ b/NEWS @@ -85,6 +85,10 @@ PHP NEWS . Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL and a proxy set). (ndossche) +- URI: + . Fixed CVE-2026-42371 (uriparser before 1.0.1 has numeric truncation in + text range comparison). (CVE-2026-42371) (Joshua W. Windle) + 26 Mar 2026, PHP 8.5.5 - Core: From dcf653339c245e25ea319248d0fc071a9405d688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 28 Apr 2026 09:26:25 +0200 Subject: [PATCH 2/2] NEWS/UPGRADING for #21490 --- NEWS | 1 + UPGRADING | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/NEWS b/NEWS index 5be5ffd18ac4..45f40a076078 100644 --- a/NEWS +++ b/NEWS @@ -83,6 +83,7 @@ PHP NEWS recursive array references). (alexandre-daubois) . Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries). (Jordi Kroon) + . mbregex has been deprecated. (youkidearitai) - Mysqli: . Added mysqli_quote_string() and mysqli::quote_string(). (Kamil Tekiela) diff --git a/UPGRADING b/UPGRADING index 6c6115ebcc84..df81eb889699 100644 --- a/UPGRADING +++ b/UPGRADING @@ -154,6 +154,11 @@ PHP 8.6 UPGRADE NOTES 4. Deprecated Functionality ======================================== +- Mbstring: + . Mbregex has been deprecated, because the underlying Oniguruma library + is no longer maintained. + RFC: https://wiki.php.net/rfc/eol-oniguruma + ======================================== 5. Changed Functions ========================================