PHP 7.3.31 7.4.24 und 8.0.11 Security Release

Vor wenigen Tagen wurde das Security und Bugfix Update für PHP 7.3.31, 7.4.24 und 8.0.11 veröffentlicht.

PHP 8.0.11 Release Notes

Core:
- Fixed bug #81302 (Stream position after stream filter removed).
- Fixed bug #81346 (Non-seekable streams don’t update position after write).
- Fixed bug #73122 (Integer Overflow when concatenating strings).
GD:
- Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
Opcache:
- Fixed bug #81353 (segfault with preloading and statically bound closure).
Shmop:
- Fixed bug #81407 (shmop_open won’t attach and causes php to crash).
Standard:
- Fixed bug #71542 (disk_total_space does not work with relative paths).
- Fixed bug #81400 (Unterminated string in dns_get_record() results).
SysVMsg:
- Fixed bug #78819 (Heap Overflow in msg_send).
XML:
- Fixed bug #81351 (xml_parse may fail, but has no error code).
Zip:
- Fixed bug #80833 (ZipArchive::getStream doesn’t use setPassword).
- Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).

Core:
- Fixed bug #81302 (Stream position after stream filter removed).
- Fixed bug #81346 (Non-seekable streams don’t update position after write).
- Fixed bug #73122 (Integer Overflow when concatenating strings).
GD:
- Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
Opcache:
- Fixed bug #81353 (segfault with preloading and statically bound closure).
Shmop:
- Fixed bug #81407 (shmop_open won’t attach and causes php to crash).
Standard:
- Fixed bug #71542 (disk_total_space does not work with relative paths).
- Fixed bug #81400 (Unterminated string in dns_get_record() results).
SysVMsg:
- Fixed bug #78819 (Heap Overflow in msg_send).
XML:
- Fixed bug #81351 (xml_parse may fail, but has no error code).
Zip:
- Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)

Zip:
- Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)