PHP 7.4.32 – 8.0.24 – 8.1.11 Security und Bugfix Release

Die Entwickler von PHP, haben vor wenigen Tagen die Security und Bugfix Release der PHP Versionen 8.1.11, 8.0.24 und 7.4.32 veröffentlicht.

PHP 8.1.11 Release Notes

• Core:
  • Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
  • Fixed bug #81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
  • Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
  • Fixed bug GH-9361 (Segmentation fault on script exit #9379).
  • Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions).
• DOM:
  • Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
• FPM:
  • Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload).
  • Fixed bug #77780 („Headers already sent…“ when previous connection was aborted).
• GMP:
  • Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
• Intl:
  • Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
• PCRE:
  • Fixed pcre.jit on Apple Silicon.
• PDO_PGSQL:
  • Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
• Reflection:
  • Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
• Streams:
  • Fixed bug GH-9316 ($http_response_header is wrong for long status line).

Quelle: PHP: PHP 8 ChangeLog

PHP 8.0.24 Release Notes

• Core:
  • Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
  • Fixed bug GH-9361 (Segmentation fault on script exit #9379).
  • Fixed bug GH-9407 (LSP error in eval’d code refers to wrong class for static type).
  • Fixed bug #81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
• DOM:
  • Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
• FPM:
  • Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload).
  • Fixed bug #77780 („Headers already sent…“ when previous connection was aborted).
• GMP:
  • Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
• Intl:
  • Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
• Phar:
  • Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
• PDO_PGSQL:
  • Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
• Reflection:
  • Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
  • Fixed bug GH-9409 (Private method is incorrectly dumped as „overwrites“).
• Streams:
  • Fixed bug GH-9316 ($http_response_header is wrong for long status line).

Quelle: PHP: PHP 8 ChangeLog

PHP 7.4.32 Release Notes

• Core:
  • Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
  • Fixed bug #81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)

Quelle: PHP: PHP 7 ChangeLog