PHP 7.4.6 – 7.3.18 und 7.2.31 Security und Bugfix Release

Für PHP gab es ein Security und Bugfix Release das umgehend durchgeführt werden sollte.

PHP 7.4.6 Release Notes

• Core:
  • Fixed bug #78434 (Generator yields no items after valid() call).
  • Fixed bug #79477 (casting object into array creates references).
  • Fixed bug #79514 (Memory leaks while including unexistent file).
  • Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
  • Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
  • Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).
  • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).
• DOM:
  • Fixed bug #78221 (DOMNode::normalize() doesn’t remove empty text nodes).
• EXIF:
  • Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
• FCGI:
  • Fixed bug #79491 (Search for .user.ini extends up to root dir).
• MBString:
  • Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
• OpenSSL:
  • Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
• PCRE:
  • Upgraded to PCRE2 10.34.
• Phar:
  • Fixed bug #79503 (Memory leak on duplicate metadata).
• SimpleXML:
  • Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
• SPL:
  • Fixed bug #69264 (__debugInfo() ignored while extending SPL classes).
  • Fixed bug #67369 (ArrayObject serialization drops the iterator class).
• Standard:
  • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
  • Fixed bug #79447 (Serializing uninitialized typed properties with __sleep should not throw).

PHP 7.3.18 Release Notes

• Core:
  • Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
  • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
  • Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
  • Fixed bug #79477 (casting object into array creates references).
  • Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
  • Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
• DOM:
  • Fixed bug #78221 (DOMNode::normalize() doesn’t remove empty text nodes).
• FCGI:
  • Fixed bug #79491 (Search for .user.ini extends up to root dir).
• MBString:
  • Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
• OpenSSL:
  • Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
• Phar:
  • Fixed bug #79503 (Memory leak on duplicate metadata).
• SimpleXML:
  • Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
• Standard:
  • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).

PHP 7.2.31 Release Notes

Core:

• Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
• Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)