PHP 8.3.1 – 8.2.14 und 8.1.27 Bugfix Release

Die Entwickler von PHP haben die Versionen 8.3.1, 8.2.14 und 8.1.27 als Bugfix Release veröffentlicht. Die Updates beheben zahlreiche Fehler, sorgen so für die Stabilität des Systems und sollten umgehend installiert werden.

PHP 8.3.1 Release Notes

• Core:
  • Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
  • Fix various missing NULL checks.
  • Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
  • Fixed bug GH-12826 (Weird pointers issue in nested loops).
• FPM:
  • Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
• FTP:
  • Fixed bug GH-9348 (FTP & SSL session reuse).
• LibXML:
  • Fixed test failures for libxml2 2.12.0.
• MySQLnd:
  • Avoid using uninitialised struct.
  • Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
• Opcache:
  • Fixed JIT bug (Function JIT emits “Uninitialized string offset” warning at the same time as invalid offset Error).
  • Fixed JIT bug (JIT emits “Attempt to assign property of non-object” warning at the same time as Error is being thrown).
• PDO PGSQL:
  • Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
• SOAP:
  • Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
• Standard:
  • Fixed GH-12745 (http_build_query() default null argument for $arg_separator is implicitly coerced to string).

PHP 8.2.14 Release Notes

Version 8.2.14

21 Dec 2023

• Core:
  • Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).
  • Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).
  • Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
  • Fix various missing NULL checks.
  • Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
• Date:
  • Fixed improbably integer overflow while parsing really large (or small) Unix timestamps.
• DOM:
  • Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix).
• FPM:
  • Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
• FTP:
  • Fixed bug GH-9348 (FTP & SSL session reuse).
• Intl:
  • Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1).
• LibXML:
  • Fixed bug GH-12702 (libxml2 2.12.0 issue building from src).
  • Fixed test failures for libxml2 2.12.0.
• MySQLnd:
  • Avoid using uninitialised struct.
  • Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
• Opcache:
  • Fixed JIT bug (Function JIT emits “Uninitialized string offset” warning at the same time as invalid offset Error).
  • Fixed JIT bug (JIT emits “Attempt to assign property of non-object” warning at the same time as Error is being thrown).
• OpenSSL:
  • Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
• PCRE:
  • Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux).
• PDO PGSQL:
  • Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
• PGSQL:
  • Fixed bug GH-12763 wrong argument type for pg_untrace.
• PHPDBG:
  • Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c).
• SOAP:
  • Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
• SPL:
  • Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination with GlobIterator and no directory separator).
• SQLite3:
  • Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
• Standard:
  • Fix memory leak in syslog device handling.
  • Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost).
  • Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array).
• Streams:
  • Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
• Zip:
  • Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).

PHP 8.1.27 Release Notes

• Core:
  • Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).
  • Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).
  • Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
• DOM:
  • Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix).
• FPM:
  • Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
• Intl:
  • Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1).
• LibXML:
  • Fixed bug GH-12702 (libxml2 2.12.0 issue building from src).
• MySQLnd:
  • Avoid using uninitialised struct.
• OpenSSL:
  • Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
• PCRE:
  • Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux).
• PGSQL:
  • Fixed bug GH-12763 wrong argument type for pg_untrace.
• PHPDBG:
  • Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c).
• SQLite3:
  • Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
• Standard:
  • Fix memory leak in syslog device handling.
  • Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost).
  • Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array).
• Streams:
  • Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
• Zip:
  • Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).

Quelle: https://www.php.net