diff --git a/EXTENSIONS b/EXTENSIONS
index f040afcced6e..4f018bfeb2de 100644
--- a/EXTENSIONS
+++ b/EXTENSIONS
@@ -170,29 +170,29 @@ EXTENSION:           dom
 PRIMARY MAINTAINER:  Christian Stocker <chregu@php.net> (2003 - 2011)
                      Rob Richards <rrichards@php.net> (2003 - 2012)
                      Marcus Börger <helly@php.net> (2003 - 2006)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 SINCE:               5.0
 -------------------------------------------------------------------------------
 EXTENSION:           simplexml
 PRIMARY MAINTAINER:  Marcus Börger <helly@php.net> (2003 - 2008)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 SINCE:               5.0
 -------------------------------------------------------------------------------
 EXTENSION:           soap
 PRIMARY MAINTAINER:  Dmitry Stogov <dmitry@php.net> (2004 - 2018)
-                     Niels Dossche <nielsdos@php.net> (2024 - 2025)
+                     Nora Dossche <nielsdos@php.net> (2024 - 2026)
 MAINTENANCE:         Odd fixes
 STATUS:              Working
 -------------------------------------------------------------------------------
 EXTENSION:           xml
 PRIMARY MAINTAINER:  Thies C. Arntzen <thies@thieso.net> (1999 - 2002)
                      Rob Richards <rrichards@php.net> (2003 - 2013)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 -------------------------------------------------------------------------------
 EXTENSION:           lexbor
@@ -205,29 +205,29 @@ SINCE:               8.5
 EXTENSION:           libxml
 PRIMARY MAINTAINER:  Rob Richards <rrichards@php.net> (2003 - 2009)
                      Christian Stocker <chregu@php.net> (2004 - 2011)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 -------------------------------------------------------------------------------
 EXTENSION:           xmlreader
 PRIMARY MAINTAINER:  Rob Richards <rrichards@php.net> (2004 - 2010)
                      Christian Stocker <chregu@php.net> (2004 - 2004)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 -------------------------------------------------------------------------------
 EXTENSION:           xmlwriter
 PRIMARY MAINTAINER:  Rob Richards <rrichards@php.net> (2004 - 2010)
                      Pierre-Alain Joye <pajoye@php.net> (2005-2009)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 -------------------------------------------------------------------------------
 EXTENSION:           xsl
 PRIMARY MAINTAINER:  Christian Stocker <chregu@php.net> (2003 - 2011)
                      Rob Richards <rrichards@php.net> (2003 - 2010)
-                     Niels Dossche <nielsdos@php.net> (2023 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2023 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 SINCE:               5.0
 -------------------------------------------------------------------------------
@@ -495,8 +495,8 @@ EXTENSION:           tidy
 PRIMARY MAINTAINER:  John Coggeshall <john@php.net> (2003 - 2006)
                      Ilia Alshanetsky <iliaa@php.net> (2003 - 2009)
                      Nuno Lopes <nlopess@php.net> (2006 - 2012)
-                     Niels Dossche <nielsdos@php.net> (2025 - 2025)
-MAINTENANCE:         Maintained
+                     Nora Dossche <nielsdos@php.net> (2025 - 2026)
+MAINTENANCE:         Odd fixes
 STATUS:              Working
 -------------------------------------------------------------------------------
 EXTENSION:           tokenizer
diff --git a/NEWS b/NEWS
index e6688bb6791b..fb7e5cf760b1 100644
--- a/NEWS
+++ b/NEWS
@@ -56,6 +56,8 @@ PHP                                                                        NEWS
   . Added GB18030-2022 to default encoding list for zh-CN. (HeRaNO)
   . Fixed bug GH-20836 (Stack overflow in mb_convert_variables with
     recursive array references). (alexandre-daubois)
+  . Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge
+    list of candidate encodings (with 200,000+ entries). (Jordi Kroon)
 
 - Opcache:
   . Fixed bug GH-20051 (apache2 shutdowns when restart is requested during
@@ -80,8 +82,6 @@ PHP                                                                        NEWS
 
 - Posix:
   . Added validity check to the flags argument for posix_access(). (arshidkv12)
-  . Added validity check to the permissions argument for posix_mkfifo().
-    (arshidkv12)
 
 - Reflection:
   . Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index baacbed32a86..95b624ef1d2d 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -3414,8 +3414,9 @@ MBSTRING_API const mbfl_encoding* mb_guess_encoding_for_strings(const unsigned c
 		return *elist;
 	}
 
-	/* Allocate on stack; when we return, this array is automatically freed */
-	struct candidate *array = alloca(elist_size * sizeof(struct candidate));
+	/* Allocate on stack or heap */
+	ALLOCA_FLAG(use_heap)
+	struct candidate *array = do_alloca(elist_size * sizeof(struct candidate), use_heap);
 	elist_size = init_candidate_array(array, elist_size, elist, strings, str_lengths, n, strict, order_significant);
 
 	while (n--) {
@@ -3423,6 +3424,7 @@ MBSTRING_API const mbfl_encoding* mb_guess_encoding_for_strings(const unsigned c
 		elist_size = count_demerits(array, elist_size, strict);
 		if (elist_size == 0) {
 			/* All candidates were eliminated */
+			free_alloca(array, use_heap);
 			return NULL;
 		}
 	}
@@ -3434,7 +3436,10 @@ MBSTRING_API const mbfl_encoding* mb_guess_encoding_for_strings(const unsigned c
 			best = i;
 		}
 	}
-	return array[best].enc;
+
+	const mbfl_encoding *result = array[best].enc;
+	free_alloca(array, use_heap);
+	return result;
 }
 
 /* When doing 'strict' detection, any string which is invalid in the candidate encoding
diff --git a/ext/mbstring/tests/gh21223.phpt b/ext/mbstring/tests/gh21223.phpt
new file mode 100644
index 000000000000..7138868af169
--- /dev/null
+++ b/ext/mbstring/tests/gh21223.phpt
@@ -0,0 +1,19 @@
+--TEST--
+GH-21223 (Stack overflow in mb_guess_encoding called via mb_detect_encoding)
+--EXTENSIONS--
+mbstring
+--FILE--
+<?php
+$str = "hello";
+
+$list = [];
+for ($i = 0; $i < 500000; $i++) {
+    $list[] = "UTF-8";
+}
+
+var_dump(mb_detect_encoding($str, $list, false));
+echo "Done";
+?>
+--EXPECT--
+string(5) "UTF-8"
+Done
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index a81372349fd4..76e14f6ecb0c 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -621,11 +621,6 @@ PHP_FUNCTION(posix_mkfifo)
 		RETURN_FALSE;
 	}
 
-	if (mode < 0 || (mode & ~07777)) {
-		zend_argument_value_error(2, "must be between 0 and 0o7777");
-		RETURN_THROWS();
-	}
-
 	result = mkfifo(ZSTR_VAL(path), mode);
 	if (result < 0) {
 		POSIX_G(last_error) = errno;
diff --git a/ext/posix/tests/posix_mkfifo_invalid_mode.phpt b/ext/posix/tests/posix_mkfifo_invalid_mode.phpt
deleted file mode 100644
index 5c9f251adfca..000000000000
--- a/ext/posix/tests/posix_mkfifo_invalid_mode.phpt
+++ /dev/null
@@ -1,36 +0,0 @@
---TEST--
-posix_mkfifo(): invalid mode argument
---SKIPIF--
-<?php
-if (!function_exists("posix_mkfifo")) {
-    die("skip no posix_mkfifo()");
-}
-?>
---FILE--
-<?php
-
-// Negative mode
-try {
-    posix_mkfifo(__DIR__ . "/testfifo1", -1);
-} catch (ValueError $e) {
-    echo $e->getMessage(), "\n";
-}
-
-// Too large mode
-try {
-    posix_mkfifo(__DIR__ . "/testfifo2", 010000); // > 07777
-} catch (ValueError $e) {
-    echo $e->getMessage(), "\n";
-}
-
-// Garbage bits
-try {
-    posix_mkfifo(__DIR__ . "/testfifo3", 020000); // S_IFCHR bit
-} catch (ValueError $e) {
-    echo $e->getMessage(), "\n";
-}
-?>
---EXPECTF--
-posix_mkfifo(): Argument #2 ($permissions) must be between 0 and 0o7777
-posix_mkfifo(): Argument #2 ($permissions) must be between 0 and 0o7777
-posix_mkfifo(): Argument #2 ($permissions) must be between 0 and 0o7777