JARVIS
Die Programmiersprache PHP erhielt am 5.1.2023 ein Update. Das Sicherheitsupdate behebt einige Fehler und schließt eine Sicherhetislücken in PDO/SQLite die unter CVE-2022-31631 gelistet wird.
PHP 8.2.1 Release Notes
- Core:
- Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
- Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
- Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
- Fixed bug GH-9650 (Can’t initialize heap: [0x000001e7]).
- Fixed potentially undefined behavior in Windows ftok(3) emulation.
- Fixed GH-9769 (Misleading error message for unpacking of objects).
- Apache:
- Fixed bug GH-9949 (Partial content on incomplete POST request).
- FPM:
- Imap:
- Fixed bug GH-10051 (IMAP: there’s no way to check if a IMAP\Connection is still open).
- MBString:
- Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
- Opcache:
- Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
- OpenSSL:
- Pcntl:
- Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
- PDO_Firebird:
- Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
- PDO/SQLite:
- Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
- Session:
- Fixed GH-9932 (session name silently fails with . and [).
- SPL:
- SQLite3:
- Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
- TSRM:
- Fixed Windows shmget() wrt. IPC_PRIVATE.
PHP 8.1.14 Release Notes
- Core:
- Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
- Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
- Fixed bug GH-9650 (Can’t initialize heap: [0x000001e7]).
- Fixed potentially undefined behavior in Windows ftok(3) emulation.
- Date:
- Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards – timezone related).
- Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy).
- Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()).
- Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone).
- FPM:
- MBString:
- Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
- Opcache:
- Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
- OpenSSL:
- Pcntl:
- Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
- PDO_Firebird:
- Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
- PDO/SQLite:
- Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
- Session:
- Fixed GH-9932 (session name silently fails with . and [).
- SPL:
- SQLite3:
- Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
PHP 8.0.27 Release Notes
- PDO/SQLite:
- Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.