Core:
    Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
    Fixed bug #79979 (passing value to by-ref param via CUFA crashes).
    Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared).
    Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
    Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
Calendar:
    Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
COM:
    Fixed bug #64130 (COM obj parameters passed by reference are not updated).
OPcache:
    Fixed bug #80002 (calc free space for new interned string is wrong).
    Fixed bug #80046 (FREE for SWITCH_STRING optimized away).
    Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
OpenSSL:
    Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
PDO:
    Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
SOAP:
    Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
Standard:
    Fixed bug #79986 (str_ireplace bug with diacritics characters).
    Fixed bug #80077 (getmxrr test bug).
    Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
    Fixed bug #80067 (Omitting the port in bindto setting errors).