PHP Bugfix 8.0.21 und 8.1.8 Security Release

PHP Logo

Die Entwickler von PHP haben die neuen Versionen 8.0.21 und 8.1.8, als Bugfix bzw. Security Update, veröffentlicht.

PHP 8.1.8 Release Notes

  • Core:
    • Fixed bug #8338 (Intel CET is disabled unintentionally).
    • Fixed leak in Enum::from/tryFrom for internal enums when using JIT
    • Fixed calling internal methods with a static return type from extension code.
    • Fixed bug #8655 (Casting an object to array does not unwrap refcount=1 references).
    • Fixed potential use after free in php_binary_init().
  • CLI:
    • Fixed #8827 (Intentionally closing std handles no longer possible).
  • COM:
    • Fixed bug #8778 (Integer arithmethic with large number variants fails).
  • Curl:
    • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
  • Date:
    • Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions).
    • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
    • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
    • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
  • Fileinfo:
    • Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
  • FPM:
    • Fixed bug #67764 (fpm: syslog.ident don’t work).
  • GD:
    • Fixed imagecreatefromavif() memory leak.
  • MBString:
    • mb_detect_encoding recognizes all letters in Czech alphabet
    • mb_detect_encoding recognizes all letters in Hungarian alphabet
    • Fixed bug #8685 (pcre not ready at mbstring startup).
    • Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
  • ODBC:
    • Fixed handling of single-key connection strings.
  • OPcache:
    • Fixed bug #8591 (tracing JIT crash after private instance method change).
  • OpenSSL:
    • Fixed bug #50293 (Several openssl functions ignore the VCWD).
    • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
  • PDO_ODBC:
    • Fixed handling of single-key connection strings.
  • SPL:
    • Fixed bug #8563 (Different results for seek() on SplFileObject and SplTempFileObject).
  • Zip:
    • Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).

PHP 8.0.21 Release Notes

  • Core:
    • Fixed potential use after free in php_binary_init().
  • CLI:
    • Fixed #8827 (Intentionally closing std handles no longer possible).
  • COM:
    • Fixed bug #8778 (Integer arithmethic with large number variants fails).
  • Curl:
    • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
  • Date:
    • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
    • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
    • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
  • FPM:
    • Fixed bug #67764 (fpm: syslog.ident don’t work).
  • MBString:
    • Fixed bug #8685 (pcre not ready at mbstring startup).
  • ODBC:
    • Fixed handling of single-key connection strings.
  • OpenSSL:
    • Fixed bug #50293 (Several openssl functions ignore the VCWD).
    • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
  • PDO_ODBC:
    • Fixed errorInfo() result on successful PDOStatement->execute().
    • Fixed handling of single-key connection strings.
  • Zip:
    • Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).

Quelle. https://www.php.net

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.