PHP Logo

PHP 7.4.6 – 7.3.18 und 7.2.31 Security und Bugfix Release

von

Für PHP gab es ein Security und Bugfix Release das umgehend durchgeführt werden sollte.

PHP 7.4.6 Release Notes

  • Core:
    • Fixed bug #78434 (Generator yields no items after valid() call).
    • Fixed bug #79477 (casting object into array creates references).
    • Fixed bug #79514 (Memory leaks while including unexistent file).
    • Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
    • Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
    • Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).
    • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).
  • DOM:
    • Fixed bug #78221 (DOMNode::normalize() doesn’t remove empty text nodes).
  • EXIF:
    • Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
  • FCGI:
    • Fixed bug #79491 (Search for .user.ini extends up to root dir).
  • MBString:
    • Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
  • OpenSSL:
    • Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
  • PCRE:
    • Upgraded to PCRE2 10.34.
  • Phar:
    • Fixed bug #79503 (Memory leak on duplicate metadata).
  • SimpleXML:
    • Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
  • SPL:
    • Fixed bug #69264 (__debugInfo() ignored while extending SPL classes).
    • Fixed bug #67369 (ArrayObject serialization drops the iterator class).
  • Standard:
    • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
    • Fixed bug #79447 (Serializing uninitialized typed properties with __sleep should not throw).

PHP 7.3.18 Release Notes

  • Core:
    • Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
    • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
    • Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
    • Fixed bug #79477 (casting object into array creates references).
    • Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
    • Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
  • DOM:
    • Fixed bug #78221 (DOMNode::normalize() doesn’t remove empty text nodes).
  • FCGI:
    • Fixed bug #79491 (Search for .user.ini extends up to root dir).
  • MBString:
    • Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
  • OpenSSL:
    • Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
  • Phar:
    • Fixed bug #79503 (Memory leak on duplicate metadata).
  • SimpleXML:
    • Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
  • Standard:
    • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).

PHP 7.2.31 Release Notes

Core:

  • Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
  • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.