PHP 7.2.0 Released

Version 7.2.0 of the PHP language is out. It includes a number of new features, including "counting of non-countable objects" (which turns out to be issuing a warning when such a count is attempted) and the integration of the libsodium crypto library.

From:		Remi Collet <remi-AT-php.net>
To:		PHP Internals <internals-AT-lists.php.net>
Subject:		[PHP-DEV] PHP 7.2.0 Released
Date:		Thu, 30 Nov 2017 11:59:42 +0100
Message-ID:		<a64088a5-e93b-3450-fe8c-8ba6ac9d851a@php.net>

The PHP development team announces the immediate availability of PHP
7.2.0. This release marks the second feature update to the PHP 7 series.

PHP 7.2.0 comes with numerous improvements and new features such as

- Convert numeric keys in object/array casts
- Counting of non-countable objects
- Object typehint
- HashContext as Object
- Argon2 in password hash
- Improve TLS constants to sane values
- Mcrypt extension removed
- New sodium extension

For source downloads of PHP 7.2.0 please visit our downloads page
Windows binaries can be found on the PHP for Windows site. The list of
changes is recorded in the ChangeLog.

The migration guide is available in the PHP Manual. Please consult it
for the detailed list of new features and backward incompatible changes.


Release Announcement: http://php.net/releases/7_2_0.php
Downloads:            http://www.php.net/downloads
Windows downloads:    http://windows.php.net/download
Changelog:            http://www.php.net/ChangeLog-7.php#7.2.0
Migration guide:      http://php.net/manual/en/migration72.php


Many thanks to all the contributors and supporters!

Sara Golemon, Remi Collet

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

PHP 7.2.0 Released

Posted Dec 1, 2017 1:05 UTC (Fri) by flussence (guest, #85566) [Link] (2 responses)

A sane crypto library, long long overdue.

When I was young and clueless, some time around PHP 5.0 or .1, I tried using mcrypt. In true PHP fashion the online manual contained 100% accurate and complete autogenerated phpdoc API documentation, and then didn't spare a single word explaining the “why” of any of it — it definitely didn't have the required Do Not Roll Your Own Crypto warning back then. I struggled to understand all this jargon about IVs and why my data came back with a bunch of nulls appended, eventually gave up, and left that password field in the DB as plaintext…

Okay, it was just a toy webapp with no users, so no harm done, but how many people over the years have built something like that and gone on to amass a dangerous amount of badly secured data?

PHP 7.2.0 Released

Posted Dec 1, 2017 8:58 UTC (Fri) by oldtomas (guest, #72579) [Link] (1 responses)

Heh. I'd extend that to most of those auto-generated docs from (often copy and pasted) source comments (Doxygen, I'm looking at you!).

I've come to call that anti-pattern "illiterate programming".

(And no, it's not the tool, but the culture that tends to grow around it).

PHP 7.2.0 Released

Posted Dec 4, 2017 8:38 UTC (Mon) by Sesse (subscriber, #53779) [Link]

The biggest problem is that all the boilerplate _looks_ useful on the surface (I mean, it took a lot of effort to write all those “@param width The width.”, so surely it has to be good for something?), precluding actual useful documentation.

PHP 7.2.0 Released

Posted Dec 4, 2017 11:22 UTC (Mon) by biergaizi (guest, #92498) [Link]

libsodium integration? Argon2 in password hash? Hooray!