PHP Bugfix 8.0.21 und 8.1.8 Security Release

Die Entwickler von PHP haben die neuen Versionen 8.0.21 und 8.1.8, als Bugfix bzw. Security Update, veröffentlicht.

PHP 8.1.8 Release Notes

• Core:
  • Fixed bug #8338 (Intel CET is disabled unintentionally).
  • Fixed leak in Enum::from/tryFrom for internal enums when using JIT
  • Fixed calling internal methods with a static return type from extension code.
  • Fixed bug #8655 (Casting an object to array does not unwrap refcount=1 references).
  • Fixed potential use after free in php_binary_init().
• CLI:
  • Fixed #8827 (Intentionally closing std handles no longer possible).
• COM:
  • Fixed bug #8778 (Integer arithmethic with large number variants fails).
• Curl:
  • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
• Date:
  • Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions).
  • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
  • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
  • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
• Fileinfo:
  • Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
• FPM:
  • Fixed bug #67764 (fpm: syslog.ident don’t work).
• GD:
  • Fixed imagecreatefromavif() memory leak.
• MBString:
  • mb_detect_encoding recognizes all letters in Czech alphabet
  • mb_detect_encoding recognizes all letters in Hungarian alphabet
  • Fixed bug #8685 (pcre not ready at mbstring startup).
  • Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
• ODBC:
  • Fixed handling of single-key connection strings.
• OPcache:
  • Fixed bug #8591 (tracing JIT crash after private instance method change).
• OpenSSL:
  • Fixed bug #50293 (Several openssl functions ignore the VCWD).
  • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
• PDO_ODBC:
  • Fixed handling of single-key connection strings.
• SPL:
  • Fixed bug #8563 (Different results for seek() on SplFileObject and SplTempFileObject).
• Zip:
  • Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).

PHP 8.0.21 Release Notes

• Core:
  • Fixed potential use after free in php_binary_init().
• CLI:
  • Fixed #8827 (Intentionally closing std handles no longer possible).
• COM:
  • Fixed bug #8778 (Integer arithmethic with large number variants fails).
• Curl:
  • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
• Date:
  • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
  • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
  • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
• FPM:
  • Fixed bug #67764 (fpm: syslog.ident don’t work).
• MBString:
  • Fixed bug #8685 (pcre not ready at mbstring startup).
• ODBC:
  • Fixed handling of single-key connection strings.
• OpenSSL:
  • Fixed bug #50293 (Several openssl functions ignore the VCWD).
  • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
• PDO_ODBC:
  • Fixed errorInfo() result on successful PDOStatement->execute().
  • Fixed handling of single-key connection strings.
• Zip:
  • Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).

Quelle. https://www.php.net