Releases: erusev/parsedown

1.8.0

16 Feb 12:37


The first stable release in over six years. Requires PHP 7.1+.

Breaking Changes

  • PHP 7.1 minimum -- dropped support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0.
  • List separation by marker type -- lists using different markers (*, +, -, or switching between . and ) for ordered lists) are now treated as separate lists, matching the CommonMark spec.
  • Lazy blockquotes -- consecutive blockquotes separated by a blank line are no longer merged into one, per CommonMark.
  • Sparse HTML blocks -- blank lines inside block-level HTML are now wrapped in <p> tags instead of being preserved as-is.
  • Empty ATX headings -- # and ## on their own now produce <h1></h1> and <h2></h2> instead of being treated as paragraphs.
  • Extensions accessing block internals may need to update: the element structure uses element instead of text in some places (e.g. $Block['element']['element']['text'] instead of $Block['element']['text']['text']).

Security

  • Regex patterns throughout the parser now use possessive quantifiers (*+, ++) to prevent catastrophic backtracking (ReDoS). This addresses denial-of-service vectors where malformed emphasis markers or other adversarial input could cause memory exhaustion or hangs.
  • Safe mode now sanitizes nested elements correctly via recursive AST traversal. Previously, sanitization only applied at the top level.
  • Extensions can mark self-produced HTML as trusted using allowRawHtmlInSafeMode so it isn't escaped in safe mode, while untrusted input remains escaped.
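
The first point above, shown as an added example that is not Parsedown's own code: a constructed greedy pattern and its possessive equivalent are run against a constructed run of markers, with PHP's backtrack limit lowered so the greedy form aborts instead of hanging. The patterns, the input and the probe() helper are assumptions made for this illustration.

```php
<?php
// Added illustration: both patterns are constructed for this example and are
// not copied from Parsedown's source.

ini_set('pcre.jit', '0');                  // interpreter path, so the limit below counts backtracks
ini_set('pcre.backtrack_limit', '100000'); // PHP's default is 1000000

/** Run one match and report how PCRE finished. */
function probe(string $pattern, string $subject): string
{
    $start  = microtime(true);
    $result = preg_match($pattern, $subject);
    $ms     = (microtime(true) - $start) * 1000;

    if ($result === false) {
        // preg_match() returns false, not 0, when the engine gives up.
        $why = preg_last_error() === PREG_BACKTRACK_LIMIT_ERROR
            ? 'backtrack limit hit'
            : 'PCRE error ' . preg_last_error();
        return sprintf('aborted: %s (%.1f ms)', $why, $ms);
    }

    return sprintf('%s (%.1f ms)', $result === 1 ? 'match' : 'no match', $ms);
}

// Constructed input: a long run of markers followed by one character that
// makes the overall match impossible.
$subject = str_repeat('*', 40) . 'x';

$greedy     = '/^(?:\*+)+$/';    // nested greedy quantifiers: every split of the run is retried
$possessive = '/^(?:\*++)++$/';  // accepts the same strings, but never gives characters back

echo 'greedy:     ', probe($greedy, $subject), PHP_EOL;
echo 'possessive: ', probe($possessive, $subject), PHP_EOL;
```

When the limit is hit, preg_match() returns false rather than 0, so code that only tests the result for truthiness treats an aborted match as "no match".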

PHP Compatibility

  • Fixed implicit nullable parameter deprecations for PHP 8.4+.
  • Updated PHPUnit dependency and test infrastructure for modern PHP.
  • CI moved from Travis CI to GitHub Actions.

CommonMark Compliance

  • Setext headings now handle leading/trailing spaces correctly.
  • ATX heading closing # sequences are trimmed properly (e.g. # # of levels # # renders as <h1># of levels #</h1>).
  • Ordered lists support ) as a marker in addition to the . marker.
  • Ordered lists starting with a number other than 1 no longer interrupt paragraphs.
  • One-column tables are now supported.
  • Fenced code blocks require the closing fence to have at least as many backticks/tildes as the opening fence.
  • HTML comments follow the CommonMark spec more closely.
  • Email autolinks validate against the CommonMark email definition.
  • Escaped tilde characters (\~\~) are no longer treated as strikethrough.

New Features

  • Strict mode (setStrictMode(true)) -- requires a space after # in ATX headings (CommonMark-compliant behavior).

Bug Fixes

  • Fixed "Uninitialized string offset" errors on certain inputs.
  • Fixed adjacent blockquotes being incorrectly merged.
  • Fixed line-break standardization when using the line() method directly.
  • Fixed table header validation (headers containing newlines are no longer accepted).
  • Fixed spaces in fenced code block class names.

2.0.0 Beta 1

21 May 21:42
32278af

Pre-release

This is an initial beta of the planned changes for v2.0.0.

Documentation is still being worked on for general usage. Some initial "extensions focused" documentation is available in: 2.0.x/docs/Migrating-Extensions-v2.0.md.

1.7.4

30 Dec 22:59
cb17b64

Introduce the rawHtml concept from beta 1.8 that extensions may optionally utilise. In 1.8 beta versions this feature is utilised internally and might have compatibility issues with extensions; this release does not use this feature internally, so no such issues will be present.

Version 1.8.0-beta-6

17 Mar 18:31
7d4c06c

Pre-release

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in #601.

Any testing, bug-reports, or bug-fixes are very welcome.


This beta increment is a security release and resolves an issue which would allow a user to add arbitrary classes to fenced code blocks. This might have security consequences; see #699 for more detail.

1.7.3

02 Apr 07:13
6d89393

1.7.3

1.7.2

17 Mar 18:34
d60bcdc

This is a security release and resolves an issue which would allow a user to add arbitrary classes to fenced code blocks. This might have security consequences; see #699 for more detail.

Version 1.8.0-beta-5

11 Jun 18:18
c26a2ee

Pre-release

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in #601.

Any testing, bug-reports, or bug-fixes are very welcome.


This beta release restores the existence of some previously deleted protected interface endpoints.

Version 1.8.0-beta-4

08 May 21:47
1f69f7e

Pre-release

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in #601.

Any testing, bug-reports, or bug-fixes are very welcome.


Some minor bug-fixes have been resolved since beta-3.

Version 1.8.0-beta-3

07 May 13:28
fd95703

Pre-release

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in #601.

Any testing, bug-reports, or bug-fixes are very welcome.


Essentially this is the second beta but I forgot to bump the class version number before tagging, and I'm not a fan of deleting version tags – hence number 3.

Version 1.8.0-beta-1

08 Apr 01:50
600db7e

Pre-release

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in #601.

Any testing, bug-reports, or bug-fixes are very welcome.