@@ -52,9 +52,12 @@ Minor Version Number
5252 - Bugfixes
5353 - New features
5454 - Extensions support can be ended (moved to PECL)
55- - Backward compatibility must be kept
56- - API compatibility must be kept (userland)
57- - ABI and API can be broken (internals)
55+ - Backward compatibility must be preserved unless explicitly broken by an
56+ approved RFC.
57+ - API compatibility for user-facing code must be preserved unless an RFC
58+ explicitly allows a breaking change.
59+ - ABI and internal API compatibility may be broken if necessary, without
60+ requiring an RFC.
5861 - Source compatibility should be kept if possible, while breakages are
5962 allowed
6063
@@ -66,13 +69,19 @@ Patch Version Number
6669 - Bug fixes and security patches only
6770 - Extensions support can't be removed (like move them to PECL)
6871 - Backward compatibility must be kept (internals and userland)
69- - ABI and API compatibility must be kept (internals)
72+ - ABI and internal API compatibility must be preserved, except in the case
73+ of HIGH severity security issues where no other option is possible.
7074
7175It is critical to understand the consequences of breaking BC, APIs or ABIs (only
7276internals related). It should not be done for the sake of doing it. RFCs
7377explaining the reasoning behind a breakage and the consequences along with test
7478cases and patch(es) should help.
7579
80+ If a HIGH severity security fix requires breaking the internal ABI or API, a
81+ proper migration path must be provided, and the impact should be minimized as
82+ much as possible. This should also be accompanied by additional communication
83+ during the release.
84+
7685See the following links for explanation about API and ABI:
7786
7887- http://en.wikipedia.org/wiki/Application_programming_interface
@@ -228,19 +237,25 @@ After the general availability release:
228237 - Release only when there is a security issue or regression issue to
229238 address.
230239
231- - Security fix and regression releases SHOULD occur on the same date as
232- bug fix releases for the other branches. Exceptions can be made for
233- high risk security issues or high profile regressions.
240+ - Security fix, compatibility build fix and regression fix releases
241+ SHOULD occur on the same date as bug fix releases for the other
242+ branches. Exceptions can be made for high risk security issues or high
243+ profile regressions.
234244
235245- Until the end of year 4 (e.g., for PHP 8.4: until Dec 31, 2028):
236246
237247 - Security fixes **only **.
238248
239249 - Release only when there is a security issue.
240250
241- - Security fix releases SHOULD occur on the same date as bug fix releases
242- for the other branches. Exceptions can be made for high risk security
243- issues.
251+ - Security fix, compatibility build fix and regression fix releases
252+ SHOULD occur on the same date as bug fix releases for the other
253+ branches. Exceptions can be made for high risk security issues or high
254+ profile regressions.
255+
256+ - Regression fixes should be applied only exceptionally for small
257+ regressions or regressions introduced by security fixes and it
258+ should get RM approval.
244259
245260 - Updates to ABI incompatible versions of dependent libraries on Windows
246261 are **not ** performed.
@@ -256,21 +271,25 @@ is Dec 31, 2026, 24:00 UTC, even if the actual release date slips to Jan 9,
256271 Feature selection and development
257272***********************************
258273
259- RFCs have been introduced many years ago and have been proven as being an
260- amazing way to avoid conflicts while providing a very good way to propose new
261- things to php.net. New features or additions to the core should go through the
262- RFC process. It has been done successfully (as the process went well, but the
263- features were not necessary accepted) already for a dozen of new features or
264- improvements.
274+ RFCs were introduced many years ago and have proven to be an effective way to
275+ avoid conflicts while providing a structured process for proposing changes to
276+ php.net. New features or core additions should go through the RFC process. The
277+ process has been used multiple times for new features and improvements, even if
278+ some proposals were not accepted.
265279
266- Features can use branch(es) if necessary, doing so will minimize the impact of
267- other commits and changes on the development of a specific feature (or the other
268- way 'round). The shorter release cycle also ensures that a given feature can get
269- into the next release, as long as the RFC has been accepted.
280+ New features must be implemented and proposed using a GitHub pull request.
270281
271- The change to what we have now is the voting process. It will not happen anymore
272- on the mailing list but in the RFCs directly, for php.net members, in a public
273- way.
282+ Internal API changes (those that do not affect the user-facing API), as well as
283+ user-facing features in extensions and SAPIs, do not require an RFC unless a
284+ core developer (someone with commit access to php-src) raises an objection or
285+ requests an RFC within one month of the implementation pull request being opened.
286+ A core developer may also request that the feature be shared on the internal
287+ mailing list, in which case an additional two-week period must pass without
288+ objection or RFC request before the feature can be merged.
289+
290+ Pull requests may be merged before the one-month period ends. However, if a core
291+ developer raises an objection or requests an RFC after the merge but within the
292+ one-month window, the feature must be reverted.
274293
275294See also `the voting RFC <https://wiki.php.net/rfc/voting >`_.
276295
@@ -291,8 +310,6 @@ We have voting plugin for dokuwiki (doodle2) that allows voting on the wiki
291310The roles of the release managers are about being a facilitator:
292311
293312- Manage the release process
294- - Start the decisions discussions and vote about the features and change for a
295- given release
296313- Create a roadmap and planing according to this RFC
297314- Package the releases (test and final releases)
298315- Decide which bug fixes can be applied to a release, within the cases defined
@@ -302,10 +319,6 @@ But they are not:
302319
303320- Decide which features, extension or SAPI get in a release or not
304321
305- Discussions or requests for a feature or to apply a given patch must be done on
306- the public internals mailing list or in the security mailing (ideally using the
307- bug tracker)
308-
309322****************************
310323 Release managers selection
311324****************************
0 commit comments