Menü Schließen

PHP Security und Bugfix Release 7.2.34 – 7.3.23 und 7.4.11

PHP Logo

Das PHP Entwicklerteam hat vor kurzem Updates für die PHP Zweige 7.2, 7.3 und 7.4 veröffentlicht. Dies sind Sicherheitsupdates mit einigen Bugfixes.

PHP 7.4.11 Release Notes

  • Core:
    • Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
    • Fixed bug #79979 (passing value to by-ref param via CUFA crashes).
    • Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared).
    • Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
    • Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
  • Calendar:
    • Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
  • COM:
    • Fixed bug #64130 (COM obj parameters passed by reference are not updated).
  • OPcache:
    • Fixed bug #80002 (calc free space for new interned string is wrong).
    • Fixed bug #80046 (FREE for SWITCH_STRING optimized away).
    • Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
  • OpenSSL:
    • Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
  • PDO:
    • Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
  • SOAP:
    • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with „Transfer-Encoding: chunked“).
  • Standard:
    • Fixed bug #79986 (str_ireplace bug with diacritics characters).
    • Fixed bug #80077 (getmxrr test bug).
    • Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
    • Fixed bug #80067 (Omitting the port in bindto setting errors).

Quelle: https://www.php.net/ChangeLog-7.php#7.4.11

PHP 7.3.23 Release Notes

  • Core:
    • Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
    • Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
    • Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
  • Calendar:
    • Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
  • COM:
    • Fixed bug #64130 (COM obj parameters passed by reference are not updated).
  • OPcache:
    • Fixed bug #80002 (calc free space for new interned string is wrong).
    • Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
  • OpenSSL:
    • Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
  • PDO:
    • Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
  • SOAP:
    • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with „Transfer-Encoding: chunked“).
  • Standard:
    • Fixed bug #79986 (str_ireplace bug with diacritics characters).
    • Fixed bug #80077 (getmxrr test bug).
    • Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
    • Fixed bug #80067 (Omitting the port in bindto setting errors).

Quelle: https://www.php.net/ChangeLog-7.php#7.3.23

PHP 7.2.34 Release Notes

  • Core:
    • Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
  • OpenSSL:
    • Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)

Quelle: https://www.php.net/ChangeLog-7.php#7.2.34

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert