PHP Logo

PHP 7.4.3 – 7.3.16 und 7.2.29 Security und Bugfix Release

Die freie Skript- / Programmiersprache, PHP, erhielt für die Zweige 7.4, 7.3 und 7.2 Security und Bugfix Updates.

PHP 7.4.3 Release Notes

  • Core:
    • Fixed bug #79146 (cscript can fail to run on some systems).
    • Fixed bug #79155 (Property nullability lost when using multiple property definition).
    • Fixed bug #78323 (Code 0 is returned on invalid options).
    • Fixed bug #78989 (Delayed variance check involving trait segfaults).
    • Fixed bug #79174 (cookie values with spaces fail to round-trip).
    • Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
  • COM:
    • Fixed bug #79247 (Garbage collecting variant objects segfaults).
  • CURL:
    • Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
  • FFI:
    • Fixed bug #79096 (FFI Struct Segfault).
  • IMAP:
    • Fixed bug #79112 (IMAP extension can’t find OpenSSL libraries at configure time).
  • Intl:
    • Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
  • Libxml:
    • Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
  • MBString:
    • Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).
  • MySQLi:
    • Fixed bug #78666 (Properties may emit a warning on var_dump()).
  • MySQLnd:
    • Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
    • Fixed bug #79011 (MySQL caching_sha2_password Access denied for password with more than 20 chars).
  • Opcache:
    • Fixed bug #79114 (Eval class during preload causes class to be only half available).
    • Fixed bug #79128 (Preloading segfaults if preload_user is used).
    • Fixed bug #79193 (Incorrect type inference for self::$field =& $field).
  • OpenSSL:
    • Fixed bug #79145 (openssl memory leak).
  • Phar:
    • Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
    • Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
    • Fixed bug #76584 (PharFileInfo::decompress not working).
  • Reflection:
    • Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).
  • Session:
    • Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
  • Standard:
    • Fixed bug #78902 (Memory leak when using stream_filter_append).
    • Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).
  • Testing:
    • Fixed bug #78090 (bug45161.phpt takes forever to finish).
  • XSL:
    • Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
  • Zip:
    • Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0).
    • Add ZipArchive::RDONLY (since libzip 1.0.0).
    • Add ZipArchive::ER_* missing constants.
    • Add ZipArchive::LIBZIP_VERSION constant.
    • Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir Method).

PHP 7.3.16 Release Notes

  • Core:
    • Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
  • COM:
    • Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
    • Fixed bug #79242 (COM error constants don’t match com_exception codes on x86).
    • Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
    • Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
    • Fixed bug #79332 (php_istreams are never freed).
    • Fixed bug #79333 (com_print_typeinfo() leaks memory).
  • DOM:
    • Fixed bug #77569: (Write Access Violation in DomImplementation).
    • Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
  • Enchant:
    • Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
  • EXIF:
    • Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
  • MBstring:
    • Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)
  • MySQLi:
    • Fixed bug #64032 (mysqli reports different client_version).
  • PCRE:
    • Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
  • PDO_ODBC:
    • Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
  • Reflection:
    • Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
  • SQLite3:
    • Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
  • Standard:
    • Fixed bug #79329 (get_headers() silently truncates after a null byte). (CVE-2020-7066)
    • Fixed bug #79254 (getenv() w/o arguments not showing changes).
    • Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).

PHP 7.2.29 Release Notes

  • Core:
    • Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)
  • EXIF:
    • Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)

Quelle: https://www.php.net/ChangeLog-7.php

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.