PHP Securiy Release 7.4.28 – 8.0.16 – 8.1.3 – 8.0.17 – 8.1.4

Das Entwicklerteam von PHP, hat Update für die Hauptzweige7.4, 8.0 und 8.1 veröffentlicht. Alle Updates sind Security Releases und sollten umgehend installiert werden.

PHP 8.1.4 Release Notes

• Core:
  • Fixed Haiku ZTS build.
  • Fixed bug #8059 arginfo not regenerated for extension.
  • Fixed bug #8083 Segfault when dumping uncalled fake closure with static variables.
  • Fixed bug #7958 (Nested CallbackFilterIterator is leaking memory).
  • Fixed bug #8074 (Wrong type inference of range() result).
  • Fixed bug #8140 (Wrong first class callable by name optimization).
  • Fixed bug #8082 (op_arrays with temporary run_time_cache leak memory when observed).
• GD:
  • Fixed libpng warning when loading interlaced images.
• FPM:
  • Fixed bug #76109 (Unsafe access to fpm scoreboard).
• Iconv:
  • Fixed bug #7953 (ob_clean() only does not set Content-Encoding).
  • Fixed bug #7980 (Unexpected result for iconv_mime_decode).
• MBString:
  • Fixed bug #8128 (mb_check_encoding wrong result for 7bit).
• MySQLnd:
  • Fixed bug #8058 (NULL pointer dereference in mysqlnd package).
• Reflection:
  • Fixed bug #8080 (ReflectionClass::getConstants() depends on def. order).
• Zlib:
  • Fixed bug #7953 (ob_clean() only does not set Content-Encoding).

PHP 8.1.3 Release Notes

• Core:
  • Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
  • Fixed bug #7896 (Environment vars may be mangled on Windows).
  • Fixed bug #7883 (Segfault when INI file is not readable).
• FFI:
  • Fixed bug #7867 (FFI::cast() from pointer to array is broken).
• Filter:
  • Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
• FPM:
  • Fixed memory leak on invalid port.
  • Fixed bug #7842 (Invalid OpenMetrics response format returned by FPM status page.
• MBString:
  • Fixed bug #7902 (mb_send_mail may delimit headers with LF only).
• MySQLnd:
  • Fixed bug #7972 (MariaDB version prefix 5.5.5- is not stripped).
• pcntl:
  • Fixed pcntl_rfork build for DragonFlyBSD.
• Sockets:
  • Fixed bug #7978 (sockets extension compilation errors).
• Standard:
  • Fixed bug #7899 (Regression in unpack for negative int value).
  • Fixed bug #7875 (mails are sent even if failure to log throws exception).

PHP 8.0.17 Release Notes

• Core:
  • Fixed Haiku ZTS build.
• GD:
  • Fixed libpng warning when loading interlaced images.
• FPM:
  • Fixed bug #76109 (Unsafe access to fpm scoreboard).
• Iconv:
  • Fixed bug #7953 (ob_clean() only does not set Content-Encoding).
  • Fixed bug #7980 (Unexpected result for iconv_mime_decode).
• MySQLnd:
  • Fixed bug #8058 (NULL pointer dereference in mysqlnd package).
• OPcache:
  • Fixed bug #8074 (Wrong type inference of range() result).
• Reflection:
  • Fixed bug #8080 (ReflectionClass::getConstants() depends on def. order).
• Zlib:
  • Fixed bug #7953 (ob_clean() only does not set Content-Encoding).

PHP 8.0.16 Release Notes

• Core:
  • Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
  • Fixed bug #7896 (Environment vars may be mangled on Windows).
• FFI:
  • Fixed bug #7867 (FFI::cast() from pointer to array is broken).
• Filter:
  • Fix #81708: UAF due to php_filter_float() failing for ints.
• FPM:
  • Fixed memory leak on invalid port.
• MBString:
  • Fixed bug #7902 (mb_send_mail may delimit headers with LF only).
• MySQLnd:
  • Fixed bug #7972 (MariaDB version prefix 5.5.5- is not stripped).
• Sockets:
  • Fixed ext/sockets build on Haiku.
  • Fixed bug #7978 (sockets extension compilation errors).
• Standard:
  • Fixed bug #7875 (mails are sent even if failure to log throws exception).

PHP 7.4.28 Release Notes

• Filter:
  • Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)

Quelle: https://www.php.net/