PHP Logo

PHP Security Release 7.4.9 -7.3.21 und 7.2.33

von

Vor wenigen Tagen wurden die PHP Releases 7.4.9, 7.3.21 und 7.2.33 veröffentlicht. Dies ist ein Security Release das umgehend installiert werden sollte.

PHP 7.4.9 Release Notes

  • Apache:
    • Fixed bug #79030 (Upgrade apache2handler’s php_apache_sapi_get_request_time to return usec).
  • COM:
    • Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
    • Fixed bug #63527 (DCOM does not work with Username, Password parameter).
  • Core:
    • Fixed bug #79740 (serialize() and unserialize() methods can not be called statically).
    • Fixed bug #79783 (Segfault in php_str_replace_common).
    • Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
    • Fixed bug #79779 (Assertion failure when assigning property of string offset by reference).
    • Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
    • Fixed bug #78598 (Changing array during undef index RW error segfaults).
    • Fixed bug #79784 (Use after free if changing array during undef var during array write fetch).
    • Fixed bug #79793 (Use after free if string used in undefined index warning is changed).
    • Fixed bug #79862 (Public non-static property in child should take priority over private static).
    • Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
  • Fileinfo:
    • Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
  • FTP:
    • Fixed bug #55857 (ftp_size on large files).
  • Mbstring:
    • Fixed bug #79787 (mb_strimwidth does not trim string).
  • Phar:
    • Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
  • Reflection:
    • Fixed bug #79487 (::getStaticProperties() ignores property modifications).
    • Fixed bug #69804 (::getStaticPropertyValue() throws on protected props).
    • Fixed bug #79820 (Use after free when type duplicated into ReflectionProperty gets resolved).
  • Standard:
    • Fixed bug #70362 (Can’t copy() large ‘data://’ with open_basedir).
    • Fixed bug #78008 (dns_check_record() always return true on Alpine).
    • Fixed bug #79839 (array_walk() does not respect property types).

PHP 7.3.21 Release Notes

  • Apache:
    • Fixed bug #79030 (Upgrade apache2handler’s php_apache_sapi_get_request_time to return usec).
  • Core:
    • Fixed bug #79877 (getimagesize function silently truncates after a null byte).
    • Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
    • Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
  • COM:
    • Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
    • Fixed bug #63527 (DCOM does not work with Username, Password parameter).
  • Curl:
    • Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties).
  • Fileinfo:
    • Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
  • FTP:
    • Fixed bug #55857 (ftp_size on large files).
  • Mbstring:
    • Fixed bug #79787 (mb_strimwidth does not trim string).
  • Phar:
    • Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
  • Standard:
    • Fixed bug #70362 (Can’t copy() large ‘data://’ with open_basedir).
    • Fixed bug #79817 (str_replace() does not handle INDIRECT elements).
    • Fixed bug #78008 (dns_check_record() always return true on Alpine).

PHP 7.2.33 Release Notes

  • Core:
    • Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
  • Phar:
    • Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.