PHP 8.1.14 – 8.2.1 und 8.0.27 Security Release

      Keine Kommentare zu PHP 8.1.14 – 8.2.1 und 8.0.27 Security Release
PHP Logo

Die Programmiersprache PHP erhielt am 5.1.2023 ein Update. Das Sicherheitsupdate behebt einige Fehler und schließt eine Sicherhetislücken in PDO/SQLite die unter CVE-2022-31631 gelistet wird.

PHP 8.2.1 Release Notes

  • Core:
    • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
    • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
    • Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
    • Fixed bug GH-9650 (Can’t initialize heap: [0x000001e7]).
    • Fixed potentially undefined behavior in Windows ftok(3) emulation.
    • Fixed GH-9769 (Misleading error message for unpacking of objects).
  • Apache:
    • Fixed bug GH-9949 (Partial content on incomplete POST request).
  • FPM:
    • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
    • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
    • Fixed bug #80669 (FPM numeric user fails to set groups).
    • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
  • Imap:
    • Fixed bug GH-10051 (IMAP: there’s no way to check if a IMAP\Connection is still open).
  • MBString:
    • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
  • Opcache:
    • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
  • OpenSSL:
    • Fixed bug GH-9997 (OpenSSL engine clean up segfault).
    • Fixed bug GH-9064 (PHP fails to build if openssl was built with –no-ec).
    • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
  • Pcntl:
    • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
  • PDO_Firebird:
    • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
  • PDO/SQLite:
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
  • Session:
    • Fixed GH-9932 (session name silently fails with . and [).
  • SPL:
    • Fixed GH-9883 (SplFileObject::__toString() reads next line).
    • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
  • SQLite3:
    • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
  • TSRM:
    • Fixed Windows shmget() wrt. IPC_PRIVATE.

PHP 8.1.14 Release Notes

  • Core:
  • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
  • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
  • Fixed bug GH-9650 (Can’t initialize heap: [0x000001e7]).
  • Fixed potentially undefined behavior in Windows ftok(3) emulation.
  • Date:
    • Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards – timezone related).
    • Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy).
    • Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()).
    • Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone).
  • FPM:
    • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
    • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
    • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
  • MBString:
    • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
  • Opcache:
    • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
  • OpenSSL:
    • Fixed bug GH-9064 (PHP fails to build if openssl was built with –no-ec).
    • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
  • Pcntl:
    • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
  • PDO_Firebird:
    • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
  • PDO/SQLite:
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
  • Session:
    • Fixed GH-9932 (session name silently fails with . and [).
  • SPL:
    • Fixed GH-9883 (SplFileObject::__toString() reads next line).
    • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
  • SQLite3:
    • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).

PHP 8.0.27 Release Notes

  • PDO/SQLite:
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert