PHP Security und Bugfix Release 8.0.29 – 8.1.20 und 8.2.7

Die Entwickler von PHP haben am 8.Juni 2023 die Updates 8.0.29, 8.1.20 und 8.2.7 veröffentlicht. Dies sind Security und Bugfix Releases die umgehend installiert werden sollten.

PHP 8.2.7 Changelog

• Core:
  • Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names).
  • Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)).
  • Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state).
  • Fixed bug GH-11063 (Compilation error on old GCC versions).
  • Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
• Date:
  • Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset).
• Exif:
  • Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes).
• FPM:
  • Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)).
  • Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
  • Fixed memory leak for invalid primary script file handle.
• Hash:
  • Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
• LibXML:
  • Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
• MBString:
  • Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding).
• Opcache:
  • Fixed bug GH-11134 (Incorrect match default branch optimization).
  • Fixed too wide OR and AND range inference.
  • Fixed missing class redeclaration error with OPcache enabled.
  • Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault).
• PCNTL:
  • Fixed maximum argument count of pcntl_forkx().
• PGSQL:
  • Fixed parameter parsing of pg_lo_export().
• Phar:
  • Fixed bug GH-11099 (Generating phar.php during cross-compile can’t be done).
• Soap:
  • Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP).
  • Fixed bug GH-8426 (make test fail while soap extension build).
• SPL:
  • Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)).
• Standard:
  • Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file).
  • Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect).
• Streams:
  • Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).
  • Fixed bug GH-11175 (Stream Socket Timeout).
  • Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client).

PHP 8.1.19 Changelog

• Core:
  • Fix inconsistent float negation in constant expressions.
  • Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
  • Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c).
  • Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.).
  • Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
• DOM:
  • Fixed bug #80602 (Segfault when using DOMChildNode::before()).
  • Fixed incorrect error handling in dom_zvals_to_fragment().
• Exif:
  • Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index).
• Intl:
  • Fixed bug GH-11071 (TZData version not displayed anymore).
• PCRE:
  • Fixed bug GH-10968 (Segfault in preg_replace_callback_array()).
• Standard:
  • Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference).
  • Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).

PHP 8.0.29 Changelog

• Soap:
  • Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP).