Menü Schließen

PHP Security und Bugfix Release 8.0.1 – 7.4.14 und 7.3.26

PHP Logo

Die Programmiersprache PHP, erhielt vor wenigen Tagen die Updates 8.0.1, 7.4.14 und 7.3.26. Die Updates schließen Sicherheitslücken und beheben Fehler.

PHP 8.0.1 Release Notes

  • Core:
    • Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
    • Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
    • Fixed bug #80391 (Iterable not covariant to mixed).
    • Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
    • Fixed bug #77069 (stream filter loses final block of data).
  • Fileinfo:
    • Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
  • FPM:
    • Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
  • IMAP:
    • Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).
    • Fix a regression with valid UIDs in imap_savebody().
    • Make warnings for invalid message numbers/UIDs between functions consistent.
  • Intl:
    • Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
  • Opcache:
    • Fixed bug #80404 (Incorrect range inference result when division results in float).
    • Fixed bug #80377 (Opcache misses executor_globals).
    • Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).
    • Fixed bug #80447 (Strange out of memory error when running with JIT).
    • Fixed bug #80480 (Segmentation fault with JIT enabled).
    • Fixed bug #80506 (Immediate SIGSEGV upon ini_set(„opcache.jit_debug“, 1)).
  • OpenSSL:
    • Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
  • PDO MySQL:
    • Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
    • Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
    • Fixed bug #78152 (PDO::exec() – Bad error handling with multiple commands).
    • Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).
    • Fixed bug #70066 (Unexpected „Cannot execute queries while other unbuffered queries“).
    • Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
    • Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
    • Fixed bug #79872 (Can’t execute query with pending result sets).
    • Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).
    • Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).
    • Fixed bug #62889 (LOAD DATA INFILE broken).
    • Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).
    • Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).
  • Phar:
    • Fixed bug #73809 (Phar Zip parse crash – mmap fail).
    • Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
    • Fixed bug #77322 (PharData::addEmptyDir(‚/‘) Possible integer overflow).
  • Phpdbg:
    • Fixed bug #76813 (Access violation near NULL on source operand).
  • SPL:
    • Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).
  • Standard:
    • Fixed bug #80366 (Return Value of zend_fstat() not Checked).
    • Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
  • Tidy:
    • Fixed bug #77594 (ob_tidyhandler is never reset).
  • Tokenizer:
    • Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
  • XML:
    • XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
  • Zlib:
    • Fixed bug #48725 (Support for flushing in zlib stream).

Quelle: PHP: PHP 8 ChangeLog

PHP 7.4.14 Release Notes

  • Core:
    • Fixed bug #74558 (Can’t rebind closure returned by Closure::fromCallable()).
    • Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
    • Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
    • Fixed bug #80362 (Running dtrace scripts can cause php to crash).
    • Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
    • Fixed bug #80402 (configure filtering out -lpthread).
    • Fixed bug #77069 (stream filter loses final block of data).
  • Fileinfo:
    • Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
  • FPM:
    • Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
  • Intl:
    • Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
  • OpenSSL:
    • Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
  • Phar:
    • Fixed bug #73809 (Phar Zip parse crash – mmap fail).
    • Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
    • Fixed bug #77322 (PharData::addEmptyDir(‚/‘) Possible integer overflow).
  • PDO MySQL:
    • Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
    • Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
    • Fixed bug #78152 (PDO::exec() – Bad error handling with multiple commands).
    • Fixed bug #70066 (Unexpected „Cannot execute queries while other unbuffered queries“).
    • Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
    • Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
  • Standard:
    • Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
    • Fixed bug #80366 (Return Value of zend_fstat() not Checked).
    • Fixed bug #80411 (References to null-serialized object break serialize()).
  • Tidy:
    • Fixed bug #77594 (ob_tidyhandler is never reset).
  • Zlib:
    • Fixed #48725 (Support for flushing in zlib stream).

Quelle: PHP: PHP 7 ChangeLog

PHP 7.3.26 Release Notes

Standard:

  • Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
  • Fixed bug #80457 (stream_get_contents() fails with maxlength=-1 or default).

Quelle: PHP: PHP 7 ChangeLog

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert