| PERLDELTA(1) | Perl Programmers Reference Guide | PERLDELTA(1) |
perldelta - what is new for perl v5.42.0
This document describes differences between the 5.42.0 release and the 5.40.0 release.
"chdir" has been added as a subroutine to the "CORE::" namespace.
Previously, code like &CORE::chdir($dir) or my $ref = \&CORE::chdir; $ref->($dir) would throw an error saying "&CORE::chdir cannot be called directly". These cases are now fully supported.
This allows you to declare that the portion of a program for the remainder of the lexical scope of this pragma is encoded either entirely in ASCII (for "use source::encoding 'ascii'") or if UTF-8 is allowed as well (for "use source::encoding 'utf8'"). No other encodings are accepted. The second form is entirely equivalent to "use utf8", and may be used interchangeably with that.
The purpose of this pragma is to catch cases early where you forgot to specify "use utf8".
"use source::encoding 'ascii'" is automatically enabled within the lexical scope of a "use v5.41.0" or higher.
"no source::encoding" turns off all this checking for the remainder of its lexical scope. The meaning of non-ASCII characters is then undefined.
Classes defined using "use feature 'class'" are now able to automatically create writer accessors for scalar fields, by using the ":writer" attribute, similar to the way that ":reader" already creates reader accessors.
class Point {
field $x :reader :writer :param;
field $y :reader :writer :param;
}
my $p = Point->new( x => 20, y => 40 );
$p->set_x(60);
Two new experimental features have been added, which introduce the list-processing operators "any" and "all".
use v5.42;
use feature 'keyword_all';
no warnings 'experimental::keyword_all';
my @numbers = ...
if ( all { $_ % 2 == 0 } @numbers ) {
say "All the numbers are even";
}
These keywords operate similarly to "grep" except that they only ever return true or false, testing if any (or all) of the elements in the list make the testing block yield true. Because of this they can short-circuit, avoiding the need to test any further elements if a given element determines the eventual result.
These are inspired by the same-named functions in the List::Util module, except that they are implemented as direct core operators, and thus perform faster, and do not produce an additional subroutine call stack frame for invoking the code block.
The feature flags enabling those keywords have been named "keyword_any" and "keyword_all" to avoid confusion with the ability of the "feature" module to refer to all of its features by using the ":all" export tag. [GH #23104 <https://github.com/Perl/perl5/issues/23104>]
The related experimental warning flags are consequently named "experimental::keyword_any" and "experimental::keyword_all".
This was deprecated in Perl 5.38 and removed as scheduled in perl 5.41.3, but after some discussion has been reinstated by default.
This can be controlled with the "apostrophe_as_package_separator" feature which is enabled by default, but is disabled from the 5.41 feature bundle onwards.
If you want to disable use within your own code you can explicitly disable the feature:
no feature "apostrophe_as_package_separator";
Note that disabling this feature only prevents use of apostrophe as a package separator within code; symbolic references still treat "'" as "::" with the feature disabled:
my $symref = "My'Module'Var"; # default features my $x = $My'Module'Var; # fine no feature "apostrophe_as_package_separator"; no strict "refs"; my $y = $$symref; # like $My::Module::Var my $z = $My'Module'Var; # syntax error
[GH #22644 <https://github.com/Perl/perl5/issues/22644>]
Like "sub" since Perl version 5.18, "method" can now be prefixed with the "my" keyword. This declares a subroutine that has lexical, rather than package visibility. See perlclass for more detail.
Along with the ability to declare methods lexically, this release also permits invoking a lexical subroutine as if it were a method, bypassing the usual name-based method resolution.
Combined with lexical method declaration, these two new abilities create the effect of having private methods.
The "switch" feature and the smartmatch operator, "~~", were introduced in v5.10. Their behavior was significantly changed in v5.10.1. When the "experiment" system was added in v5.18.0, switch and smartmatch were retroactively declared experimental. Over the years, proposals to fix or supplement the features have come and gone.
They were deprecated in Perl v5.38.0 and scheduled for removal in Perl v5.42.0. After extensive discussion their removal has been indefinitely postponed. Using them no longer produces a deprecation warning.
Switch itself still requires the "switch" feature, which is enabled by default for feature bundles from v5.9.5 through to v5.34. Switch remains disabled in feature bundles 5.35 and later, but can be separately enabled:
# no switch here use v5.10; # switch here use v5.36; # no switch here use feature "switch"; # switch here
Smart match now requires the "smartmatch" feature, which is enabled by default and included in all feature bundles up to 5.40. It is disabled for the 5.41 feature bundle and later, but can be separately enabled:
# smartmatch here use v5.41; # no smartmatch here use feature "smartmatch"; # smartmatch here
[GH #22752 <https://github.com/Perl/perl5/issues/22752>]
Perl now supports Unicode 16.0 <https://www.unicode.org/versions/Unicode16.0.0/> including the changes introduced in 15.1 <https://www.unicode.org/versions/Unicode15.1.0/>.
Perl 5.40.0 introduced the logical medium-precedence exclusive-or operator "^^". It was not noticed at the time that the assigning variant "^^=" was also missing. This is now added.
A heap buffer overflow vulnerability was discovered in Perl.
When there are non-ASCII bytes in the left-hand-side of the "tr" operator, S_do_trans_invmap() can overflow the destination pointer "d".
$ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
Segmentation fault (core dumped)
It is believed that this vulnerability can enable Denial of Service or Arbitrary Code Execution attacks on platforms that lack sufficient defenses.
This problem was discovered by Nathan Mills and assigned [CVE-2024-56406 <https://lists.security.metacpan.org/cve-announce/msg/28708725/>] by the CPAN Security Group <https://security.metacpan.org/>.
The patch to fix this issue (87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd <https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd>) is applicable to all perls that are vulnerable, including those out-of-support.
Perl thread cloning had a working directory race condition where file operations may target unintended paths. Perl 5.42 will no longer chdir to each handle.
This problem was discovered by Vincent Lefèvre via [GH #23010 <https://github.com/Perl/perl5/issues/23010>] and assigned [CVE-2025-40909 <https://lists.security.metacpan.org/cve-announce/msg/30017499/>] by the CPAN Security Group <https://security.metacpan.org/>.
Fixes were provided via [GH #23019 <https://github.com/Perl/perl5/pull/23019>] and [GH #23361 <https://github.com/Perl/perl5/pull/23361>].
Perl 5.40 reintroduced unconditional references from functions to their containing functions to fix a bug introduced in Perl 5.18 that broke the special behaviour of "eval EXPR" in package "DB" which is used by the debugger.
In some cases this change led to circular reference chains between closures and other existing references, resulting in memory leaks.
This change has been reverted, fixing [GH #22547 <https://github.com/Perl/perl5/issues/22547>] but re-breaking [GH #19370 <https://github.com/Perl/perl5/issues/19370>].
This means the reference loops won't occur, and that lexical variables and functions from enclosing functions may not be visible in the debugger.
Note that calling "eval EXPR" in a function unconditionally causes a function to reference its enclosing functions as it always has.
The following code would previously have allocated eleven string buffers, each containing one million "A"s:
my @scalars; push @scalars, ("A" x 1_000_000) for 0..9;
Now a single buffer is allocated and shared between a CONST OP and the ten scalar elements of @scalars.
Note that any code using this sort of constant to simulate memory leaks (perhaps in test files) must now permute the string in order to trigger a string copy and the allocation of separate buffers. For example, "("A" x 1_000_000).time" might be a suitable small change.
my @array = (...);
foreach my ($idx, $val) (builtin::indexed @array) {
...
}
foreach my ($idx, $val) (builtin::indexed LIST...) {
...
}
In particular, a temporary list twice the size of the original is no longer generated. Instead, the loop iterates down the original array or list in-place directly, in the same way that "foreach (@array)" or "foreach (LIST)" would do.
substr($x, 0, ...)
substr($x, 0, ..., '')
We have attempted to update the documentation to reflect the changes listed in this document. If you find any we have missed, open an issue at <https://github.com/Perl/perl5/issues>.
Additionally, the following selected changes have been made:
perlapi
perldata
perlfunc
perlgov
perlguts
perlop
perlvar
The following additions or changes have been made to diagnostic output, including warnings and fatal error messages. For the complete list of diagnostic messages, see perldiag.
New Errors
(F) This pragma forbids non-ASCII characters within its scope.
(F) The subroutine indicated hasn't been defined, or if it was, it has since been undefined.
This error could also indicate a mistyped package separator, when a single colon was typed instead of two colons. For example, Foo:bar() would be parsed as the label "Foo" followed by an unqualified function name: "foo: bar()". [GH #22860 <https://github.com/Perl/perl5/issues/22860>]
New Warnings
(S experimental::class) This warning is emitted if you use the "__CLASS__" keyword of "use feature 'class'". This keyword is currently experimental and its behaviour may change in future releases of Perl.
(W io) You called readdir(), telldir(), seekdir(), rewinddir() or closedir() on a handle that was opened with open(). If you want to use these functions to traverse the contents of a directory, you need to open the handle with opendir().
[GH #22394 <https://github.com/Perl/perl5/issues/22394>]
(W precedence) You wrote something like
!$x < $y # parsed as: (!$x) < $y
!$x eq $y # parsed as: (!$x) eq $y
!$x =~ /regex/ # parsed as: (!$x) =~ /regex/
!$obj isa Some::Class # parsed as: (!$obj) isa Some::Class
but because "!" has higher precedence than comparison operators, "=~", and "isa", this is interpreted as comparing/matching the logical negation of the first operand, instead of negating the result of the comparison/match.
To disambiguate, either use a negated comparison/binding operator:
$x >= $y
$x ne $y
$x !~ /regex/
... or parentheses:
!($x < $y)
!($x eq $y)
!($x =~ /regex/)
!($obj isa Some::Class)
... or the low-precedence "not" operator:
not $x < $y
not $x eq $y
not $x =~ /regex/
not $obj isa Some::Class
(If you did mean to compare the boolean result of negating the first operand, parenthesize as "(!$x) < $y", "(!$x) eq $y", etc.)
Note: this warning does not trigger for code like "!!$x == $y", i.e. where double negation ("!!") is used as a convert-to-boolean operator.
This was consolidated from separate messages for readdir(), telldir(), seekdir(), rewinddir() and closedir() as part of refactoring for [GH #22394 <https://github.com/Perl/perl5/issues/22394>].
This warning now triggers for use of a chained comparison like "0 < $x < 1". [GH #22969 <https://github.com/Perl/perl5/issues/22969>]
Prevent this warning when accessing a function parameter in @_ that is an lvalue reference to an untied hash element where the key was undefined. This warning is still produced at the point of call. [GH #22423 <https://github.com/Perl/perl5/issues/22423>]
("PERL_STRICT_CR" was originally introduced in perl 5.005 to optionally restore backward compatibility with perl 5.004, which had made CR in source files an error. Before that, CR was accepted, but retained literally in quoted multi-line constructs such as here-documents, even at the end of a line.)
Tests were added and changed to reflect the other additions and changes in this release. Furthermore, these significant changes were made:
Supply an explicit base address for "cygperl*.dll" that cannot conflict with those generated by "--enable-auto-image-base". [GH #22695 <https://github.com/Perl/perl5/issues/22695>][GH #22104 <https://github.com/Perl/perl5/issues/22104>]
If earlier versions are also experiencing issues (such as failures in locale.t), you can explicitly disable locale collation by adding the "-Accflags=-DNO_LOCALE_COLLATE" option to your invocation of "./Configure", or just "-DNO_LOCALE_COLLATE" to the "ccflags" and "cppflags" variables in config.sh.
While this has been entirely tested by normal Perl CI testing, there may still be some corner-cases where these constraints are violated in otherwise-valid calls. These may require further investigation if they are found, and specific code to be adjusted to account for it.
""utf8_to_uv"" in perlapi and ""utf8_to_uv_or_die"" in perlapi replace ""utf8_to_uvchr"" in perlapi (which is retained for backwards compatibility), but you should convert to use the new forms, as likely you aren't using the old one safely.
To convert in the opposite direction, you can now use ""uv_to_utf8"" in perlapi. This is not a new function, but a new synonym for ""uvchr_to_utf8"" in perlapi. It is added so you don't have to learn two sets of names.
There are also two new functions, ""strict_utf8_to_uv"" in perlapi and ""c9strict_utf8_to_uv"" in perlapi which do the same thing except when the input string represents a code point that Unicode doesn't accept as legal for interchange, using either the strict original definition ("strict_utf8_to_uv"), or the looser one given by Unicode Corrigendum #9 <https://www.unicode.org/versions/corrigendum9.html> ("c9strict_utf8_to_uv"). When the input string represents one of the restricted code points, these functions return the Unicode "REPLACEMENT CHARACTER" instead.
Also ""extended_utf8_to_uv"" in perlapi is a synonym for "utf8_to_uv", for use when you want to emphasize that the entire range of Perl extended UTF-8 is acceptable.
There are also replacement functions for the three more specialized conversion functions that you are unlikely to need to use. Again, the old forms are kept for backwards compatibility, but you should convert to use the new forms.
""utf8_to_uv_flags"" in perlapi replaces ""utf8n_to_uvchr"" in perlapi.
""utf8_to_uv_errors"" in perlapi replaces ""utf8n_to_uvchr_error"" in perlapi.
""utf8_to_uv_msgs"" in perlapi replaces ""utf8n_to_uvchr_msgs"" in perlapi.
Also added are the inverse functions ""uv_to_utf8_flags"" in perlapi and ""uv_to_utf8_msgs"" in perlapi, which are synonyms for the existing functions, ""uvchr_to_utf8_flags"" in perlapi and ""uvchr_to_utf8_flags_msgs"" in perlapi respectively. These are provided only so you don't have to learn two sets of names.
The latter two functions are designed to replace ""bytes_from_utf8"" in perlapi which creates memory unnecessarily, or unnecessarily large.
Previously, when parsing individual signature parameters, the parser would accumulate an "OP_ARGELEM" optree fragment for each parameter on the parser stack, collecting them in an "OP_LIST" sequence, before finally building the complete argument handling optree itself, in a large action block defined directly in perly.y.
In the new approach, all the optree generation is handled by newly-defined functions in op.c which are called by the action blocks in the parser. These do not keep state on the parser stack, but instead in a dedicated memory structure referenced by the main "PL_parser" structure. This is intended to be largely opaque to other code, and accessed only via the new functions.
This new arrangement is intended to allow more flexible code generation and additional features to be developed in the future.
A new API macro has been added, which is used to obtain the second string buffer out of a "vstring" SV, in a manner similar to the "SvPV" macro which obtains the regular string buffer out of a regular SV.
STRLEN len;
const char *vstr_pv = SvVSTRING(sv, vstr_len);
See ""SvVSTRING"" in perlapi.
[GH #22365 <https://github.com/Perl/perl5/issues/22365>]
($x &= $y) += $z;
# Equivalent to:
# $x &= $y;
# $x += $z;
However, the separate numeric/string bitwise operators provided by the "bitwise" feature, "&= ^= |= &.= ^.= |.=", did not return such lvalues:
use feature qw(bitwise);
($x &= $y) += $z;
# Used to die:
# Can't modify numeric bitwise and (&) in addition (+) at ...
This has been corrected. [GH #22412 <https://github.com/Perl/perl5/issues/22412>]
Now "strftime" stringifies its first argument, as before. [GH #22498 <https://github.com/Perl/perl5/issues/22498>]
Also, fix POSIX::strftime() [GH #22369 <https://github.com/Perl/perl5/issues/22369>].
Note: this does not make "pack("p",... )" safe, if the SV is magical then any writes to the buffer will likely be discarded on the next read. [GH #22380 <https://github.com/Perl/perl5/issues/22380>]
For example:
my $r = qr/... (?{ foo() if ... }) .../;
sub foo { $string =~ $r }
foo()
Code such as the following would stop running the contents of the "defer" block once the inner exception in the inner "try"/"catch" block was caught. This has now been fixed, and runs as expected. ([GH #23064 <https://github.com/Perl/perl5/issues/23064>]).
defer {
try { die "It breaks\n"; }
catch ($e) { warn $e }
say "This line would never run";
}
open(my $fh, "+>", undef) or die ...
This is supposed to work only when the undefined value is the one returned by the "undef" function.
In perls before 5.41.3, this caused a problem due to the fact that the same undefined value can be generated by lookups of non-existent hash keys or array elements, which can lead to bugs in user-level code (reported as [GH #22385 <https://github.com/Perl/perl5/issues/22385>]).
In 5.41.3, additional checks based on the syntax tree of the call site were added, which fixed this issue for some number of common cases, though not all of them, at the cost of breaking the ability of APIs that wrap "open" to expose its anonymous file mode. A notable example of such an API is autodie.
This release reverts to the old problem in preference to the new one for the time being.
Abe Timmerman (ABELTJE) passed away on August 15, 2024.
Since 2002, Abe built and maintained the Test::Smoke project: "a set of scripts and modules that try to run the Perl core tests on as many configurations as possible and combine the results into an easy to read report". Smoking Perl on as many platforms and configurations as possible has been instrumental in finding bugs and developing patches for those bugs.
Abe was a regular attendee of the Perl Toolchain Summit (née Perl QA Hackathon), the Dutch Perl Workshop and the Amsterdam.pm user group meetings. With his kindness, his smile and his laugh, he helped make Perl and its community better.
Abeltje's memorial card said "Grab every opportunity to have a drink of bubbly. This is an opportunity". We'll miss you Abe, and we'll have a drink of bubbly in your honor.
Andrew Main (ZEFRAM) passed away on March 10, 2025.
Zefram was a brilliant person, seemingly knowledgeable in everything and happy to impart his knowledge and share his striking insights with a gentle, technical demeanor that often failed to convey the genuine care with which he communicated.
It would be impossible to overstate the impact that Zefram has had on both the language and culture of Perl over the years. From his countless contributions to the code-base, to his often quirky but always distinctive appearances at conferences and gatherings, his influence and memory are sure to endure long into the future.
Zefram wished to have no designated memorial location in meatspace. His designated memorial location in cyberspace is <http://www.fysh.org/~zefram/personal/>.
Perl 5.42.0 represents approximately 13 months of development since Perl 5.40.0 and contains approximately 280,000 lines of changes across 1,600 files from 65 authors.
Excluding auto-generated files, documentation and release tools, there were approximately 94,000 lines of changes to 860 .pm, .t, .c and .h files.
Perl continues to flourish into its fourth decade thanks to a vibrant community of users and developers. The following people are known to have contributed the improvements that became Perl 5.42.0:
Aaron Dill, Andrei Horodniceanu, Andrew Ruthven, Antanas Vaitkus, Aristotle Pagaltzis, Branislav Zahradník, brian d foy, Chad Granum, Chris 'BinGOs' Williams, Craig A. Berry, Dabrien 'Dabe' Murphy, Dagfinn Ilmari Mannsåker, Dan Book, Daniel Dragan, Dan Jacobson, David Cantrell, David Mitchell, E. Choroba, Ed J, Ed Sabol, Elvin Aslanov, Eric Herman, Erik Huelsmann, Gianni Ceccarelli, Graham Knop, hbmaclean, H.Merijn Brand, iabyn, James E Keenan, James Raspass, Johan Vromans, Karen Etheridge, Karl Williamson, Leon Timmermans, Lukas Mai, Marek Rouchal, Marin Tsanov, Mark Fowler, Masahiro Honma, Max Maischein, Paul Evans, Paul Johnson, Paul Marquess, Peter Eisentraut, Peter John Acklam, Philippe Bruhat (BooK), pyrrhlin, Reini Urban, Richard Leach, Robert Rothenberg, Robin Ragged, Russ Allbery, Scott Baker, Sergei Zhmylev, Sevan Janiyan, Sisyphus, Štěpán Němec, Steve Hay, TAKAI Kousuke, Thibault Duponchelle, Todd Rinaldo, Tony Cook, Unicode Consortium, Vladimír Marek, Yves Orton.
The list above is almost certainly incomplete as it is automatically generated from version control history. In particular, it does not include the names of the (very much appreciated) contributors who reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN modules included in Perl's core. We're grateful to the entire CPAN community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl source distribution.
If you find what you think is a bug, you might check the perl bug database at <https://github.com/Perl/perl5/issues>. There may also be information at <https://www.perl.org/>, the Perl Home Page.
If you believe you have an unreported bug, please open an issue at <https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a tiny but sufficient test case.
If the bug you are reporting has security implications which make it inappropriate to send to a public issue tracker, then see "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of how to report the issue.
If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you can do so by running the "perlthanks" program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of thanks.
The Changes file for an explanation of how to view exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
| 2025-07-02 | perl v5.42.0 |