diff --git a/build/php.m4 b/build/php.m4
index bdc02573ac95a..1059d7f2f4d1f 100644
--- a/build/php.m4
+++ b/build/php.m4
@@ -2010,7 +2010,7 @@ dnl
 dnl Common setup macro for libxml.
 dnl
 AC_DEFUN([PHP_SETUP_LIBXML], [
-  PKG_CHECK_MODULES([LIBXML], [libxml-2.0 >= 2.7.6])
+  PKG_CHECK_MODULES([LIBXML], [libxml-2.0 >= 2.9.0])
 
   PHP_EVAL_INCLINE($LIBXML_CFLAGS)
   PHP_EVAL_LIBLINE($LIBXML_LIBS, $1)
diff --git a/ext/libxml/libxml.stub.php b/ext/libxml/libxml.stub.php
index 74a15e916994e..12685bd8ceea6 100644
--- a/ext/libxml/libxml.stub.php
+++ b/ext/libxml/libxml.stub.php
@@ -13,6 +13,7 @@ function libxml_get_errors(): array {}
 
 function libxml_clear_errors(): void {}
 
+/** @deprecated */
 function libxml_disable_entity_loader(bool $disable = true): bool {}
 
 function libxml_set_external_entity_loader(?callable $resolver_function): bool {}
diff --git a/ext/libxml/libxml_arginfo.h b/ext/libxml/libxml_arginfo.h
index bf4bc2c01dd3c..217bff288bfae 100644
--- a/ext/libxml/libxml_arginfo.h
+++ b/ext/libxml/libxml_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 2d793e5134ea8633c432f03d20c1d8b80a05795b */
+ * Stub hash: ded229511dc2bc3912d35b8055c0fd69420baff0 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_libxml_set_streams_context, 0, 1, IS_VOID, 0)
 	ZEND_ARG_INFO(0, context)
@@ -42,7 +42,7 @@ static const zend_function_entry ext_functions[] = {
 	ZEND_FE(libxml_get_last_error, arginfo_libxml_get_last_error)
 	ZEND_FE(libxml_get_errors, arginfo_libxml_get_errors)
 	ZEND_FE(libxml_clear_errors, arginfo_libxml_clear_errors)
-	ZEND_FE(libxml_disable_entity_loader, arginfo_libxml_disable_entity_loader)
+	ZEND_DEP_FE(libxml_disable_entity_loader, arginfo_libxml_disable_entity_loader)
 	ZEND_FE(libxml_set_external_entity_loader, arginfo_libxml_set_external_entity_loader)
 	ZEND_FE_END
 };
diff --git a/ext/libxml/tests/bug54138_1.phpt b/ext/libxml/tests/bug54138_1.phpt
deleted file mode 100644
index f0a8a04698e85..0000000000000
--- a/ext/libxml/tests/bug54138_1.phpt
+++ /dev/null
@@ -1,24 +0,0 @@
---TEST--
-Bug #54138 - DOMNode::getLineNo() doesn't return line number higher than 65535
---SKIPIF--
-<?php
-if (!extension_loaded('dom')) die('skip dom extension not available');
-if (LIBXML_VERSION >= 20900) die('skip this test is for libxml < 2.9.0 only');
-?>
---FILE--
-<?php
-define('LIBXML_BIGLINES', 1<<22);
-$foos = str_repeat('<foo/>' . PHP_EOL, 65535);
-$xml = <<<XML
-<?xml version="1.0" encoding="UTF-8"?>
-<root>
-$foos
-<bar/>
-</root>
-XML;
-$dom = new DOMDocument();
-$dom->loadXML($xml, LIBXML_BIGLINES);
-var_dump($dom->getElementsByTagName('bar')->item(0)->getLineNo());
-?>
---EXPECT--
-int(65535)
diff --git a/ext/libxml/tests/libxml_disable_entity_loader.phpt b/ext/libxml/tests/libxml_disable_entity_loader.phpt
index 790a98db16035..d72a9b21d6837 100644
--- a/ext/libxml/tests/libxml_disable_entity_loader.phpt
+++ b/ext/libxml/tests/libxml_disable_entity_loader.phpt
@@ -33,6 +33,8 @@ echo "Done\n";
 ?>
 --EXPECTF--
 bool(true)
+
+Deprecated: Function libxml_disable_entity_loader() is deprecated in %s on line %d
 bool(false)
 
 Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "%s" in %s on line %d
diff --git a/ext/libxml/tests/libxml_entity_loading_disabled_by_default.phpt b/ext/libxml/tests/libxml_entity_loading_disabled_by_default.phpt
new file mode 100644
index 0000000000000..9540f349692bc
--- /dev/null
+++ b/ext/libxml/tests/libxml_entity_loading_disabled_by_default.phpt
@@ -0,0 +1,53 @@
+--TEST--
+libxml_disable_entity_loader()
+--SKIPIF--
+<?php
+if (!extension_loaded('libxml')) die('skip libxml extension not available');
+if (!extension_loaded('dom')) die('skip dom extension not available');
+--FILE--
+<?php
+
+$xml = <<<EOT
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [<!ENTITY xxe SYSTEM "XXE_URI">]>
+<foo>&xxe;</foo>
+EOT;
+
+$dir = str_replace('\\', '/', __DIR__);
+$xml = str_replace('XXE_URI', $dir . '/libxml_disable_entity_loader_payload.txt', $xml);
+
+function parseXML1($xml) {
+  $doc = new DOMDocument();
+  $doc->loadXML($xml, 0);
+  return $doc->saveXML();
+}
+
+function parseXML2($xml) {
+  return simplexml_load_string($xml);
+}
+
+function parseXML3($xml) {
+  $p = xml_parser_create();
+  xml_parse_into_struct($p, $xml, $vals, $index);
+  xml_parser_free($p);
+  return var_export($vals, true);
+}
+
+function parseXML4($xml) {
+  // This is the only time we enable external entity loading.
+  return simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOENT);
+}
+
+var_dump(strpos(parseXML1($xml), 'SECRET_DATA') === false);
+var_dump(strpos(parseXML2($xml), 'SECRET_DATA') === false);
+var_dump(strpos(parseXML3($xml), 'SECRET_DATA') === false);
+var_dump(strpos(parseXML4($xml), 'SECRET_DATA') === false);
+
+echo "Done\n";
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+bool(true)
+bool(false)
+Done