Menü Schließen

PHP Bugfix 8.0.21 und 8.1.8 Security Release

PHP Logo

Die Entwickler von PHP haben die neuen Versionen 8.0.21 und 8.1.8, als Bugfix bzw. Security Update, veröffentlicht.

PHP 8.1.8 Release Notes

  • Core:
    • Fixed bug #8338 (Intel CET is disabled unintentionally).
    • Fixed leak in Enum::from/tryFrom for internal enums when using JIT
    • Fixed calling internal methods with a static return type from extension code.
    • Fixed bug #8655 (Casting an object to array does not unwrap refcount=1 references).
    • Fixed potential use after free in php_binary_init().
  • CLI:
    • Fixed #8827 (Intentionally closing std handles no longer possible).
  • COM:
    • Fixed bug #8778 (Integer arithmethic with large number variants fails).
  • Curl:
    • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
  • Date:
    • Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions).
    • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
    • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
    • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
  • Fileinfo:
    • Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
  • FPM:
    • Fixed bug #67764 (fpm: syslog.ident don’t work).
  • GD:
    • Fixed imagecreatefromavif() memory leak.
  • MBString:
    • mb_detect_encoding recognizes all letters in Czech alphabet
    • mb_detect_encoding recognizes all letters in Hungarian alphabet
    • Fixed bug #8685 (pcre not ready at mbstring startup).
    • Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
  • ODBC:
    • Fixed handling of single-key connection strings.
  • OPcache:
    • Fixed bug #8591 (tracing JIT crash after private instance method change).
  • OpenSSL:
    • Fixed bug #50293 (Several openssl functions ignore the VCWD).
    • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
  • PDO_ODBC:
    • Fixed handling of single-key connection strings.
  • SPL:
    • Fixed bug #8563 (Different results for seek() on SplFileObject and SplTempFileObject).
  • Zip:
    • Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).

PHP 8.0.21 Release Notes

  • Core:
    • Fixed potential use after free in php_binary_init().
  • CLI:
    • Fixed #8827 (Intentionally closing std handles no longer possible).
  • COM:
    • Fixed bug #8778 (Integer arithmethic with large number variants fails).
  • Curl:
    • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
  • Date:
    • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
    • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
    • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
  • FPM:
    • Fixed bug #67764 (fpm: syslog.ident don’t work).
  • MBString:
    • Fixed bug #8685 (pcre not ready at mbstring startup).
  • ODBC:
    • Fixed handling of single-key connection strings.
  • OpenSSL:
    • Fixed bug #50293 (Several openssl functions ignore the VCWD).
    • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
  • PDO_ODBC:
    • Fixed errorInfo() result on successful PDOStatement->execute().
    • Fixed handling of single-key connection strings.
  • Zip:
    • Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).

Quelle. https://www.php.net

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert