Menü Schließen

PHP 8.2.9 Security und Bugfix Release

PHP Logo

Die Entwickler von PHP haben vor wenigen Tagen das Sicherheitsupdate 8.2.9 veröffentlicht. Das PHP 8.2.9 Release schließt Sicherheitslücken und behebt Fehler.

PHP 8.2.9 Release Notes

  • Build:
    • Fixed bug GH-11522 (PHP version check fails with ‘-‘ separator).
  • CLI:
    • Fix interrupted CLI output causing the process to exit.
  • Core:
    • Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
    • Fixed line number of JMP instruction over else block.
    • Fixed use-of-uninitialized-value with ??= on assert.
    • Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).
    • Fixed build for FreeBSD before the 11.0 releases.
  • Curl:
    • Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.
  • Date:
    • Fixed bug GH-11368 (Date modify returns invalid datetime).
    • Fixed bug GH-11600 (Can’t parse time strings which include (narrow) non-breaking space characters).
    • Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with extra space).
  • DOM:
    • Fixed bug GH-11625 (DOMElement::replaceWith() doesn’t replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version).
  • Fileinfo:
    • Fixed bug GH-11298 (finfo returns wrong mime type for xz files).
  • FTP:
    • Fix context option check for “overwrite”.
    • Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget).
  • GD:
    • Fix most of the external libgd test failures.
  • Intl:
    • Fix memory leak in MessageFormatter::format() on failure.
  • Libxml:
    • Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
  • MBString:
    • Fix GH-11300 (license issue: restricted unicode license headers).
  • Opcache:
    • Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault).
    • Prevent potential deadlock if accelerated globals cannot be allocated.
  • PCNTL:
    • Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
  • PDO:
    • Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).
  • PDO SQLite:
    • Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
  • Phar:
    • Add missing check on EVP_VerifyUpdate() in phar util.
    • Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
    • Fixed bug GH-9669 (phpdbg -h options doesn’t list the -z option).
  • Session:
    • Removed broken url support for transferring session ID.
  • Standard:
    • Fix serialization of RC1 objects appearing in object graph twice.
  • Streams:
    • Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself).
  • SQLite3:
    • Fix replaced error handling in SQLite3Stmt::__construct.
  • XMLReader:
    • Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active).

Quelle: PHP: PHP 8 ChangeLog

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert