Close

01.12.2017

What’s new in PHP 7.2: better security, code handling

The first feature update to PHP 7 since December 2015 has arrived

PHP 7.2, the latest version of the popular server-side web development language, has numerous features and fixes.

The November 30, 2017, release is the second feature update to the PHP 7 series. PHP 7.0 debuted in December 2015 to much fanfare, with the upgrade offering double the performance of previous PHP iterations.

New security features in PHP 7.2

The PHP 7.2 release offers multiple security improvements:

  • The Argon2 algorithm for securely hashing passwords addresses downsides of current algorithms in that it was designed for the highest memory filling rate.
  • The Libsodium cryptography library, for authenticated encryption, is now a core extension. The library also offers high-speed elliptic cryptography.
  • SSL/TLS (Secure Sockets Layer/Transport Layer Security) constants have been improved.
  • The Mcrypt cryptography library extension has been removed. PHP’s developers have said Mcrypt has inhibited the growth of the PHP language and serves as “abandonware.”

Improved programming features in PHP 7.2

PHP 7.2 has several new and enhanced programming capabilities:

  • Conversion of numeric keys in object/array casts addresses an issue with the Zend Engine, which powers PHP 7. The engine has had cases where array hash tables can contain numeric strings while object hash tables can have integer keys. In such cases, PHP code can’t find the keys. With the fix in PHP 7.2, keys of arrays or object hash tables are converted as appropriate, so numeric string property names in objects become integer array keys and vice versa, solving the issue of inaccessible properties.
  • Object typehints fix a situation in which a developer can’t declare a function that needs to be passed an object as a parameter or declare that a function should return an object. The fix uses object as a parameter type and as a return type.
  • HashContext as Object migrates the hash extension to use an object extension for hash contexts instead of using resources.
  • A new warning has been added when calling the count () function with a parameter that is a scalar, a parameter that is null, or an object that does not implement the Countable interface.

Where to download PHP 7.2

You can download PHP 7.2 from the php.net website.