PHP Logo

PHP Security und Bugfix Release 7.4.5 – 7.3.17 und 7.2.30

von

Die freie Skript- / Programmiersprache, PHP, erhielt für die Zweige 7.4, 7.3 und 7.2 ein Security Update sowie einige Bugfixes.

PHP 7.4.5 Release Notes

  • Core:
    • Fixed bug #79364 (When copy empty array, next key is unspecified).
    • Fixed bug #78210 (Invalid pointer address).
  • CURL:
    • Fixed bug #79199 (curl_copy_handle() memory leak).
  • Date:
    • Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
    • Fixed bug #74940 (DateTimeZone loose comparison always true).
  • FPM:
    • Implement request #77062 (Allow numeric [UG]ID in FPM listen.{owner,group}) (Andre Nathan)
  • Iconv:
    • Fixed bug #79200 (Some iconv functions cut Windows-1258).
  • OPcache:
    • Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
  • Session:
    • Fixed bug #79413 (session_create_id() fails for active sessions).
  • Shmop:
    • Fixed bug #79427 (Integer Overflow in shmop_open()).
  • SimpleXML:
    • Fixed bug #61597 (SXE properties may lack attributes and content).
  • SOAP:
    • Fixed bug #79357 (SOAP request segfaults when any request parameter is missing).
  • Spl:
    • Fixed bug #75673 (SplStack::unserialize() behavior).
    • Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
  • Standard:
    • Fixed bug #79330 (shell_exec() silently truncates after a null byte).
    • Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
    • Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
  • Zip:
    • Fixed bug #79296 (ZipArchive::open fails on empty file).
    • Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).

PHP 7.3.17 Release Notes

  • Core:
    • Fixed bug #79364 (When copy empty array, next key is unspecified).
    • Fixed bug #78210 (Invalid pointer address).
  • CURL:
    • Fixed bug #79199 (curl_copy_handle() memory leak).
  • Date:
    • Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
  • Iconv:
    • Fixed bug #79200 (Some iconv functions cut Windows-1258).
  • OPcache:
    • Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
  • Session:
    • Fixed bug #79413 (session_create_id() fails for active sessions).
  • Shmop:
    • Fixed bug #79427 (Integer Overflow in shmop_open()).
  • SimpleXML:
    • Fixed bug #61597 (SXE properties may lack attributes and content).
  • Spl:
    • Fixed bug #75673 (SplStack::unserialize() behavior).
    • Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
  • Standard:
    • Fixed bug #79330 (shell_exec() silently truncates after a null byte).
    • Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
    • Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
  • Zip:
    • Fixed bug #79296 (ZipArchive::open fails on empty file).
    • Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).

PHP 7.2.30 Release Notes

Standard:

  • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
  • Fixed bug #79330 (shell_exec() silently truncates after a null byte).
  • Fixed bug #79465 (OOB Read in urldecode()).

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.