Skip to content

Tags: php/pie

Tags

1.4.5

Toggle 1.4.5's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
This release contains vulnerability fixes for the following security …

…advisories:

 - [GHSA-h842-vjwg-pxxx](GHSA-h842-vjwg-pxxx) - Sudo-elevated arbitrary file deletion via `extra.pie-installed-binary` metadata in `UninstallUsingUnlink`
 - [GHSA-pm6p-666q-hvj5](GHSA-pm6p-666q-hvj5) - Sudo-elevated root code execution via TOCTOU between `self-update` verify and write
 - [GHSA-f67f-c344-cqqr](GHSA-f67f-c344-cqqr) - PIE self-update accepts any historically-attested `pie.phar` (rollback gap)
 - [GHSA-vcv4-gmjc-mxvq](GHSA-vcv4-gmjc-mxvq) - php-ext.build-path traversal escapes PIE's vendor extract directory
 - [GHSA-8xmh-xrvp-hwrf](GHSA-8xmh-xrvp-hwrf) - WindowsInstall::copyExtraFile lacks destination containment check (Windows-only path traversal)
 - [GHSA-p4j8-36rr-gjfq](GHSA-p4j8-36rr-gjfq) - Self-update attestation verification is scoped to `--owner=php`, not `--repo=php/pie`

1.3.13

Toggle 1.3.13's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
This release contains vulnerability fixes for the following security …

…advisories:

 - [GHSA-h842-vjwg-pxxx](GHSA-h842-vjwg-pxxx) - Sudo-elevated arbitrary file deletion via `extra.pie-installed-binary` metadata in `UninstallUsingUnlink`
 - [GHSA-pm6p-666q-hvj5](GHSA-pm6p-666q-hvj5) - Sudo-elevated root code execution via TOCTOU between `self-update` verify and write
 - [GHSA-f67f-c344-cqqr](GHSA-f67f-c344-cqqr) - PIE self-update accepts any historically-attested `pie.phar` (rollback gap)
 - [GHSA-vcv4-gmjc-mxvq](GHSA-vcv4-gmjc-mxvq) - php-ext.build-path traversal escapes PIE's vendor extract directory
 - [GHSA-8xmh-xrvp-hwrf](GHSA-8xmh-xrvp-hwrf) - WindowsInstall::copyExtraFile lacks destination containment check (Windows-only path traversal)
 - [GHSA-p4j8-36rr-gjfq](GHSA-p4j8-36rr-gjfq) - Self-update attestation verification is scoped to `--owner=php`, not `--repo=php/pie`

1.4.4

Toggle 1.4.4's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.4.4

=====

- Total issues resolved: **0**
- Total pull requests resolved: **1**
- Total contributors: **1**

dependencies
------------

 - [612: [1.4.x] Update Composer to 2.9.8](#612) thanks to @asgrim

1.3.12

Toggle 1.3.12's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.3.12

======

- Total issues resolved: **0**
- Total pull requests resolved: **1**
- Total contributors: **1**

dependencies
------------

 - [611: Update Composer to 2.9.8](#611) thanks to @asgrim

1.4.3

Toggle 1.4.3's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.4.3

=====

- Total issues resolved: **2**
- Total pull requests resolved: **3**
- Total contributors: **2**

bug
---

 - [608: 597: add output check for dnf permission denied](#608) thanks to @asgrim and @hackel
 - [607: 597: don't auto install re2c and bison](#607) thanks to @asgrim and @hackel
 - [606: 596: fix two packages found for same ext in pie show etc](#606) thanks to @asgrim and @hackel

1.4.2

Toggle 1.4.2's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.4.2

=====

- Total issues resolved: **0**
- Total pull requests resolved: **1**
- Total contributors: **1**

bug
---

 - [593: 590: prevent pre-packaged-binary from being used when configure options are passed](#593) thanks to @asgrim

1.4.1

Toggle 1.4.1's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.4.1

=====

- Total issues resolved: **0**
- Total pull requests resolved: **1**
- Total contributors: **1**

dependencies,php
----------------

 - [582: [1.4.x] Update Composer to 2.9.7](#582) thanks to @asgrim

1.3.11

Toggle 1.3.11's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.3.11

======

- Total issues resolved: **0**
- Total pull requests resolved: **1**
- Total contributors: **1**

dependencies,php
----------------

 - [581: [1.3.x] Update Composer to 2.9.7](#581) thanks to @asgrim

1.4.0

Toggle 1.4.0's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.4.0

=====

- Total issues resolved: **14**
- Total pull requests resolved: **58**
- Total contributors: **14**

documentation
-------------

 - [577: Review and update docs ready for 1.4.0 release](#577) thanks to @asgrim
 - [574: Removed `gh attestation` suggestion for EPEL repo](#574) thanks to @asgrim
 - [559: Add LZF as supported](#559) thanks to @remicollet
 - [558: add installation instructions for RPM packages](#558) thanks to @remicollet
 - [540: 539: Add bsn4/grpc as PIE-supported alternative for ext-grpc](#540) thanks to @BSN4
 - [518: Add new PHP extensions to supported list](#518) thanks to @macintoshplus
 - [516: Contributing templates](#516) thanks to @asgrim and @GhostPirateBob
 - [508: Fix broken anchor link for php-windows-builder examples](#508) thanks to @asgrim
 - [507: Removed xdebug from pre-packaged-binary example docs to avoid confusion](#507) thanks to @asgrim
 - [503: Docs fix](#503) thanks to @SecondeJK
 - [450: Add docs translations for Chinese and Japanese](#450) thanks to @VinchanGit
 - [449: Reorganise and enhance the README for first time visitors feedback](#449) thanks to @asgrim
 - [427: Add `relay` extension to supported extensions list](#427) thanks to @tillkruss

dependencies,github_actions
---------------------------

 - [573: Bump docker/setup-buildx-action from 3 to 4](#573) thanks to @dependabot[bot] and @asgrim
 - [572: Bump docker/build-push-action from 6 to 7](#572) thanks to @dependabot[bot]
 - [570: Bump docker/setup-qemu-action from 3 to 4](#570) thanks to @dependabot[bot]
 - [569: Bump ramsey/composer-install from 3 to 4](#569) thanks to @dependabot[bot]
 - [568: Bump docker/login-action from 3 to 4](#568) thanks to @dependabot[bot]
 - [472: Bump actions/upload-artifact from 5 to 6](#472) thanks to @dependabot[bot]
 - [469: Bump actions/download-artifact from 5 to 7](#469) thanks to @dependabot[bot]
 - [428: Bump actions/checkout from 4 to 6](#428) thanks to @dependabot[bot]

dependencies,php
----------------

 - [571: Bump phpstan/phpstan from 2.1.40 to 2.1.46](#571) thanks to @dependabot[bot]
 - [471: Bump phpstan/phpstan from 2.1.32 to 2.1.33](#471) thanks to @dependabot[bot]
 - [470: Bump behat/behat from 3.27.0 to 3.29.0](#470) thanks to @dependabot[bot]
 - [468: Bump composer/composer from 2.9.2 to 2.9.3](#468) thanks to @dependabot[bot]

bug
---

 - [562: 557: use suffix directive for Docker tags](#562) thanks to @asgrim
 - [552: 538: fix phpize build tool finder api verison check test](#552) thanks to @asgrim and @mbeccati
 - [550: Merge up 1.4.x - fixes for architecture parsing and PHP 8.5 warnings](#550) thanks to @asgrim
 - [536: Fix `-dev` php versions issues](#536) thanks to @asgrim
 - [534: Ensure the build tool finder checks PHP API version in phpize](#534) thanks to @asgrim
 - [527: Re-enable Windows pie executable build](#527) thanks to @asgrim and @GhostPirateBob
 - [524: Merge up 1.4.x - fix for `pie install` non-interactivity](#524) thanks to @asgrim
 - [510: Fix checking for phpize when --with-phpize-path option given](#510) thanks to @asgrim
 - [499: 1.4.x - Update with draft release bug fix and example-pie-extension 2.0.8 update](#499) thanks to @asgrim
 - [496: 492: fix finding libtoolize on OSX](#496) thanks to @asgrim
 - [486: Merge up bug fixes for PHP version parsing and OS family to 1.3.6](#486) thanks to @asgrim
 - [477: Merge up 1.3.x to 1.4.x for PHP Binary whitespace fix](#477) thanks to @asgrim
 - [474: Merge up 1.3.x to 1.4.x to fix aarch64 parsing](#474) thanks to @asgrim
 - [464: Merge up 1.3.x into 1.4.x - fix intermittent package not being found](#464) thanks to @asgrim
 - [458: 455: fix trunk actions not running for nightly builds](#458) thanks to @asgrim
 - [457: Merge up 1.3.x to 1.4.x - fix windows relative extension path bug](#457) thanks to @asgrim
 - [440: Fix self-verify to use latest attestation library](#440) thanks to @asgrim

dependencies
------------

 - [560: 551: update box version to require 4.7.x](#560) thanks to @asgrim
 - [501: Merge up 1.3.x to 1.4.x - Use example-pie-extension 2.0.9](#501) thanks to @asgrim

enhancement
-----------

 - [553: Add mutation testing with Infection](#553) thanks to @asgrim
 - [545: Allow distribution of musl + glibc binaries](#545) thanks to @cataphract and @asgrim
 - [533: Improve the exception_dir exception message with more details](#533) thanks to @asgrim
 - [526: 435: prompt to install missing system deps](#526) thanks to @asgrim
 - [509: Prefix INSTALL_ROOT env var for UnixInstall](#509) thanks to @asgrim and @Ninos
 - [493: 437: add build provider warning for Homebrew](#493) thanks to @asgrim
 - [490: Merge up 1.3 to 1.4 - forwards compat for download-url-method lists](#490) thanks to @asgrim
 - [489: 436: pre-packaged binary exts](#489) thanks to @asgrim
 - [452: Prompt to install build tools if they're missing](#452) thanks to @asgrim
 - [443: Experimentally provide executable version of PIE](#443) thanks to @asgrim

documentation,enhancement
-------------------------

 - [547: Add `--no-cache` to Docker instructions](#547) thanks to @TimWolla
 - [546: Improve Docker instructions in docs/usage.md](#546) thanks to @TimWolla

enhancement,maintainer investigating
------------------------------------

 - [529: Oneliner to install pie](#529) thanks to @pronskiy

dependencies,github_actions,php
-------------------------------

 - [528: Dependency updates](#528) thanks to @asgrim

 - [442: Merge up 1.3.x to 1.4.x](#442) thanks to @asgrim

1.4.0-rc.1

Toggle 1.4.0-rc.1's commit message

Verified

This tag was signed with the committer’s verified signature.
asgrim James Titcumb
GPG key ID: 4172BCFABD873AE3
Verified
Learn about vigilant mode 
1.4.0

=====

- Total issues resolved: **13**
- Total pull requests resolved: **57**
- Total contributors: **13**

documentation
-------------

 - [574: Removed `gh attestation` suggestion for EPEL repo](#574) thanks to @asgrim
 - [559: Add LZF as supported](#559) thanks to @remicollet
 - [558: add installation instructions for RPM packages](#558) thanks to @remicollet
 - [540: 539: Add bsn4/grpc as PIE-supported alternative for ext-grpc](#540) thanks to @BSN4
 - [518: Add new PHP extensions to supported list](#518) thanks to @macintoshplus
 - [516: Contributing templates](#516) thanks to @asgrim and @GhostPirateBob
 - [508: Fix broken anchor link for php-windows-builder examples](#508) thanks to @asgrim
 - [507: Removed xdebug from pre-packaged-binary example docs to avoid confusion](#507) thanks to @asgrim
 - [503: Docs fix](#503) thanks to @SecondeJK
 - [450: Add docs translations for Chinese and Japanese](#450) thanks to @VinchanGit
 - [449: Reorganise and enhance the README for first time visitors feedback](#449) thanks to @asgrim
 - [427: Add `relay` extension to supported extensions list](#427) thanks to @tillkruss

dependencies,github_actions
---------------------------

 - [573: Bump docker/setup-buildx-action from 3 to 4](#573) thanks to @dependabot[bot] and @asgrim
 - [572: Bump docker/build-push-action from 6 to 7](#572) thanks to @dependabot[bot]
 - [570: Bump docker/setup-qemu-action from 3 to 4](#570) thanks to @dependabot[bot]
 - [569: Bump ramsey/composer-install from 3 to 4](#569) thanks to @dependabot[bot]
 - [568: Bump docker/login-action from 3 to 4](#568) thanks to @dependabot[bot]
 - [472: Bump actions/upload-artifact from 5 to 6](#472) thanks to @dependabot[bot]
 - [469: Bump actions/download-artifact from 5 to 7](#469) thanks to @dependabot[bot]
 - [428: Bump actions/checkout from 4 to 6](#428) thanks to @dependabot[bot]

dependencies,php
----------------

 - [571: Bump phpstan/phpstan from 2.1.40 to 2.1.46](#571) thanks to @dependabot[bot]
 - [471: Bump phpstan/phpstan from 2.1.32 to 2.1.33](#471) thanks to @dependabot[bot]
 - [470: Bump behat/behat from 3.27.0 to 3.29.0](#470) thanks to @dependabot[bot]
 - [468: Bump composer/composer from 2.9.2 to 2.9.3](#468) thanks to @dependabot[bot]

bug
---

 - [562: 557: use suffix directive for Docker tags](#562) thanks to @asgrim
 - [552: 538: fix phpize build tool finder api verison check test](#552) thanks to @asgrim and @mbeccati
 - [550: Merge up 1.4.x - fixes for architecture parsing and PHP 8.5 warnings](#550) thanks to @asgrim
 - [536: Fix `-dev` php versions issues](#536) thanks to @asgrim
 - [534: Ensure the build tool finder checks PHP API version in phpize](#534) thanks to @asgrim
 - [527: Re-enable Windows pie executable build](#527) thanks to @asgrim and @GhostPirateBob
 - [524: Merge up 1.4.x - fix for `pie install` non-interactivity](#524) thanks to @asgrim
 - [510: Fix checking for phpize when --with-phpize-path option given](#510) thanks to @asgrim
 - [499: 1.4.x - Update with draft release bug fix and example-pie-extension 2.0.8 update](#499) thanks to @asgrim
 - [496: 492: fix finding libtoolize on OSX](#496) thanks to @asgrim
 - [486: Merge up bug fixes for PHP version parsing and OS family to 1.3.6](#486) thanks to @asgrim
 - [477: Merge up 1.3.x to 1.4.x for PHP Binary whitespace fix](#477) thanks to @asgrim
 - [474: Merge up 1.3.x to 1.4.x to fix aarch64 parsing](#474) thanks to @asgrim
 - [464: Merge up 1.3.x into 1.4.x - fix intermittent package not being found](#464) thanks to @asgrim
 - [458: 455: fix trunk actions not running for nightly builds](#458) thanks to @asgrim
 - [457: Merge up 1.3.x to 1.4.x - fix windows relative extension path bug](#457) thanks to @asgrim
 - [440: Fix self-verify to use latest attestation library](#440) thanks to @asgrim

dependencies
------------

 - [560: 551: update box version to require 4.7.x](#560) thanks to @asgrim
 - [501: Merge up 1.3.x to 1.4.x - Use example-pie-extension 2.0.9](#501) thanks to @asgrim

enhancement
-----------

 - [553: Add mutation testing with Infection](#553) thanks to @asgrim
 - [545: Allow distribution of musl + glibc binaries](#545) thanks to @cataphract and @asgrim
 - [533: Improve the exception_dir exception message with more details](#533) thanks to @asgrim
 - [526: 435: prompt to install missing system deps](#526) thanks to @asgrim
 - [509: Prefix INSTALL_ROOT env var for UnixInstall](#509) thanks to @asgrim and @Ninos
 - [493: 437: add build provider warning for Homebrew](#493) thanks to @asgrim
 - [490: Merge up 1.3 to 1.4 - forwards compat for download-url-method lists](#490) thanks to @asgrim
 - [489: 436: pre-packaged binary exts](#489) thanks to @asgrim
 - [452: Prompt to install build tools if they're missing](#452) thanks to @asgrim
 - [443: Experimentally provide executable version of PIE](#443) thanks to @asgrim

documentation,enhancement
-------------------------

 - [547: Add `--no-cache` to Docker instructions](#547) thanks to @TimWolla
 - [546: Improve Docker instructions in docs/usage.md](#546) thanks to @TimWolla

dependencies,github_actions,php
-------------------------------

 - [528: Dependency updates](#528) thanks to @asgrim

 - [442: Merge up 1.3.x to 1.4.x](#442) thanks to @asgrim