[ this is a template for a new perldelta file. Any text flagged as XXX needs
to be processed before release. ]

perldelta - what is new for perl v5.39.6

This document describes differences between the 5.39.5 release and the 5.39.6

If you are upgrading from an earlier release such as 5.39.4, first read
L<perl5395delta>, which describes differences between 5.39.4 and 5.39.5.

XXX Any important notices here

=head1 Core Enhancements

XXX New core language features go here. Summarize user-visible core language
enhancements. Particularly prominent performance optimisations could go
here, but most should go in the L</Performance Enhancements> section.

[ List each enhancement as a =head2 entry ]

XXX Any security-related notices go here. In particular, any security
vulnerabilities closed should be noted here rather than in the
L</Selected Bug Fixes> section.

[ List each security issue as a =head2 entry ]

This release fixes the following security issues.

=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.

A crafted regular expression, when compiled by perl 5.30.0 through
5.38.0, can cause a one-byte attacker-controlled buffer overflow in a
heap-allocated buffer.

=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

This vulnerability was reported to the Intel Product Security Incident
Response Team (PSIRT) by GitHub user ycdxsb
L<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then
reported it to the Perl security team.

Perl for Windows relies on the system path environment variable to
find the shell (C<cmd.exe>). When running an executable which uses
the Windows Perl interpreter, Perl attempts to find and execute C<cmd.exe>
within the operating system. However, due to path search order issues,
Perl initially looks for C<cmd.exe> in the current working directory.

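The search order described above can be audited from the defender's side. The following C code is an added example, not code from the Perl source: it models "working directory first, then PATH" and reports when the C<cmd.exe> found that way is not the copy in a trusted system directory. The sample file list, the function names C<resolve> and C<shell_is_shadowed>, and the choice of C<C:\Windows\System32> as the trusted directory are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample filesystem; a real audit would query the disk instead. */
static const char *SAMPLE_FILES[] = {
    "C:\\ProgramData\\cmd.exe",        /* stray copy in a weakly protected dir */
    "C:\\Windows\\System32\\cmd.exe",  /* the copy an administrator expects */
    NULL };

/* Windows paths compare case-insensitively. */
static int path_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

static int sample_exists(const char *p) {
    for (int i = 0; SAMPLE_FILES[i]; i++)
        if (path_eq(SAMPLE_FILES[i], p)) return 1;
    return 0;
}

/* Search order from the advisory: working directory first, then PATH entries. */
static int resolve(const char *cwd, const char *path, char *out, size_t n) {
    const char *dir = cwd;
    size_t len = strlen(cwd);
    for (;;) {
        snprintf(out, n, "%.*s\\cmd.exe", (int)len, dir);
        if (len > 0 && sample_exists(out)) return 1;
        if (!*path) return 0;              /* search order exhausted */
        dir = path;                        /* next ';'-separated PATH entry */
        len = strcspn(path, ";");
        path += len + (path[len] == ';');
    }
}

/* 1 when the shell found by searching is not the trusted system copy. */
int shell_is_shadowed(const char *cwd, const char *path, const char *sysdir) {
    char found[512], trusted[512];
    snprintf(trusted, sizeof trusted, "%s\\cmd.exe", sysdir);
    return resolve(cwd, path, found, sizeof found) && !path_eq(found, trusted);
}

int main(void) {  /* constructed case: a tool is run from C:\ProgramData */
    const char *sys = "C:\\Windows\\System32";
    printf("shadowed: %d\n", shell_is_shadowed("C:\\ProgramData", sys, sys));
    return 0;
}
```
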
An attacker with limited privileges can exploit this behavior by
placing C<cmd.exe> in locations with weak permissions, such as
C<C:\ProgramData>. By doing so, when an administrator attempts to use
this executable from these compromised locations, arbitrary code can

=head1 Incompatible Changes

XXX For a release on a stable branch, this section aspires to be:

There are no changes intentionally incompatible with 5.XXX.XXX
If any exist, they are bugs, and we request that you submit a
report. See L</Reporting Bugs> below.

[ List each incompatible change as a =head2 entry ]

XXX Any deprecated features, syntax, modules etc. should be listed here.

=head2 Module removals

XXX Remove this section if not applicable.

The following modules will be removed from the core distribution in a
future release, and will at that time need to be installed from CPAN.
Distributions on CPAN which require these modules will need to list them as

The core versions of these modules will now issue C<"deprecated">-category
warnings to alert you to this fact. To silence these deprecation warnings,
install the modules in question from CPAN.

Note that these are (with rare exceptions) fine modules that you are encouraged
to continue to use. Their disinclusion from core primarily hinges on their
necessity to bootstrapping a fully functional, CPAN-capable Perl installation,
not usually on concerns over their design.

XXX Note that deprecated modules should be listed here even if they are listed
as an updated module in the L</Modules and Pragmata> section.

[ List each other deprecation as a =head2 entry ]

=head1 Performance Enhancements

XXX Changes which enhance performance without changing behaviour go here.
There may well be none in a stable release.

[ List each enhancement as an =item entry ]

=head1 Modules and Pragmata

XXX All changes to installed files in F<cpan/>, F<dist/>, F<ext/> and F<lib/>
go here. If Module::CoreList is updated, generate an initial draft of the
following sections using F<Porting/corelist-perldelta.pl>. A paragraph summary
for important changes should then be added by hand. In an ideal world,
dual-life modules would have a F<Changes> file that could be cribbed.

The list of new and updated modules is modified automatically as part of
preparing a Perl release, so the only reason to manually add entries here is if
you're summarising the important changes in the module update. (Also, if the
manually-added details don't match the automatically-generated ones, the
release manager will have to investigate the situation carefully.)

[ Within each section, list entries as an =item entry ]

=head2 New Modules and Pragmata

XXX Remove this section if Porting/corelist-perldelta.pl did not add any content here.

=head2 Updated Modules and Pragmata

L<XXX> has been upgraded from version A.xx to B.yy.

XXX If there was something important to note about this change, include that here.

=head2 Removed Modules and Pragmata

XXX Remove this section if Porting/corelist-perldelta.pl did not add any content here.

XXX Changes to files in F<pod/> go here. Consider grouping entries by
file and be sure to link to the appropriate page, e.g. L<perlfunc>.

=head2 New Documentation

XXX Changes which create B<new> files in F<pod/> go here.

XXX Description of the purpose of the new file here

=head2 Changes to Existing Documentation

We have attempted to update the documentation to reflect the changes
listed in this document. If you find any we have missed, open an issue
at L<https://github.com/Perl/perl5/issues>.

XXX Changes which significantly change existing files in F<pod/> go here.
However, any changes to F<pod/perldiag.pod> should go in the L</Diagnostics>

Additionally, the following selected changes have been made:

XXX Description of the change here

The following additions or changes have been made to diagnostic output,
including warnings and fatal error messages. For the complete list of
diagnostic messages, see L<perldiag>.

XXX New or changed warnings emitted by the core's C<C> code go here. Also
include any changes in L<perldiag> that reconcile it to the C<C> code.

=head2 New Diagnostics

XXX Newly added diagnostic messages go under here, separated into New Errors

XXX L<message|perldiag/"message">

XXX L<message|perldiag/"message">

=head2 Changes to Existing Diagnostics

XXX Changes (i.e. rewording) of diagnostic messages go here

XXX Describe change here

=head1 Utility Changes

XXX Changes to installed programs such as F<perldoc> and F<xsubpp> go here.
Most of these are built within the directory F<utils>.

[ List utility changes as a =head2 entry for each utility and =item
entries for each change
Use L<XXX> with program names to get proper documentation linking. ]

=head1 Configuration and Compilation

XXX Changes to F<Configure>, F<installperl>, F<installman>, and analogous tools
go here. Any other changes to the Perl build process should be listed here.
However, any platform-specific changes should be listed in the
L</Platform Support> section, instead.

[ List changes as an =item entry ].

XXX Any significant changes to the testing of a freshly built perl should be
listed here. Changes which create B<new> files in F<t/> go here as do any
large changes to the testing harness (e.g. when parallel testing was added).
Changes to existing files in F<t/> aren't worth summarizing, although the bugs
that they represent may be covered elsewhere.

XXX If there were no significant test changes, say this:

Tests were added and changed to reflect the other additions and changes

XXX If instead there were significant changes, say this:

Tests were added and changed to reflect the other additions and
changes in this release. Furthermore, these significant changes were

[ List each test improvement as an =item entry ]

The test F<t/porting/libperl.t> will no longer run in maint releases.
This test is sensitive to changes in the output of F<nm> on various
platforms, and tarballs aren't updated as we update this test in

=head1 Platform Support

XXX Any changes to platform support should be listed in the sections below.

[ Within the sections, list each platform as an =item entry with specific
changes as paragraphs below it. ]

XXX List any platforms that this version of perl compiles on, that previous
versions did not. These will either be enabled by new files in the F<hints/>
directories, or new subdirectories and F<README> files at the top level of the

=item XXX-some-platform

=head2 Discontinued Platforms

XXX List any platforms that this version of perl no longer compiles on.

=item XXX-some-platform

=head2 Platform-Specific Notes

XXX List any changes for specific platforms. This could include configuration
and compilation changes or changes in portability/compatibility. However,
changes within modules for platforms should generally be listed in the
L</Modules and Pragmata> section.

=item XXX-some-platform

=head1 Internal Changes

XXX Changes which affect the interface available to C<XS> code go here. Other
significant internal changes for future core maintainers should be noted as

[ List each change as an =item entry ]

=head1 Selected Bug Fixes

XXX Important bug fixes in the core language are summarized here. Bug fixes in
files in F<ext/> and F<lib/> are best summarized in L</Modules and Pragmata>.

Include references to GitHub issues and PRs as: [GH #12345] and the release
manager will later use a regex to expand these into links.

[ List each fix as an =item entry ]

The tmps (mortal) stack now grows exponentially. Previously it grew
linearly, so if it was growing incrementally, such as through many
calls to sv_2mortal(), on a system where realloc() is O(size), the
performance would be O(n*n). With exponential growth this changes to
amortized O(n). [GH #21654]

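The complexity claim in the tmps stack entry can be reproduced with a small model. This C code is an added example, not perl's implementation: it counts how many elements a copying realloc() would move while items are pushed one at a time, under a linear and an exponential growth policy. The step of 128 and the doubling factor are assumed values chosen for the illustration, not the ones perl uses.

```c
#include <stddef.h>
#include <stdio.h>

/* Growth policies; step and factor are assumed values, not perl's. */
static size_t grow_linear(size_t cap)   { return cap + 128; }
static size_t grow_doubling(size_t cap) { return cap ? cap * 2 : 128; }

/* Elements moved by realloc() while pushing n items one at a time, on an
   allocator where every realloc() copies the whole live block (O(size)). */
unsigned long long copied_elements(size_t n, size_t (*grow)(size_t)) {
    size_t cap = 0, used = 0;
    unsigned long long copied = 0;
    while (used < n) {
        if (used == cap) {      /* stack is full: reallocate before pushing */
            copied += used;     /* every live element is moved */
            cap = grow(cap);
        }
        used++;
    }
    return copied;
}

int main(void) {
    /* Ten times more pushes costs about 100x more copying with linear growth,
       but only about 10x more with doubling. */
    for (size_t n = 12800; n <= 1280000; n *= 10)
        printf("n=%8zu  linear=%14llu  doubling=%10llu\n", n,
               copied_elements(n, grow_linear),
               copied_elements(n, grow_doubling));
    return 0;
}
```
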
=head1 Known Problems

XXX Descriptions of platform agnostic bugs we know we can't fix go here. Any
tests that had to be C<TODO>ed for the release would be noted here. Unfixed
platform specific bugs also go here.

[ List each fix as an =item entry ]

=head1 Errata From Previous Releases

XXX Add anything here that we forgot to add, or were mistaken about, in
the perldelta of a previous release.

XXX If any significant core contributor or member of the CPAN community has
died, add a short obituary here.

=head1 Acknowledgements

XXX Generate this with:

  perl Porting/acknowledgements.pl v5.39.5..HEAD

=head1 Reporting Bugs

If you find what you think is a bug, you might check the perl bug database
at L<https://github.com/Perl/perl5/issues>. There may also be information at
L<http://www.perl.org/>, the Perl Home Page.

If you believe you have an unreported bug, please open an issue at
L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a
tiny but sufficient test case.

If the bug you are reporting has security implications which make it
inappropriate to send to a public issue tracker, then see
L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION>
for details of how to report the issue.

If you wish to thank the Perl 5 Porters for the work we had done in Perl 5,
you can do so by running the C<perlthanks> program:

This will send an email to the Perl 5 Porters list with your show of thanks.

The F<Changes> file for an explanation of how to view exhaustive details on

The F<INSTALL> file for how to build Perl.

The F<README> file for general stuff.

The F<Artistic> and F<Copying> files for copyright information.