PHP – Version 7.0.12 veröffentlicht

Die Entwickler der Open-Source Skriptsprache PHP, haben die neuste Version 7.0.12 am 13.10.2016 veröffentlicht. Diese behebt ca. 52 Fehler und steht ab sofort zur Installation bereit.

PHP Version 7.0.12 Release Notes

• Core:
  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
  • Fixed bug #73058 (crypt broken when salt is ‚too‘ long).
  • Fixed bug #69579 (Invalid free in extension trait).
  • Fixed bug #73156 (segfault on undefined function).
  • Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
  • Fixed bug #73172 (parse error: Invalid numeric literal).
  • Fixed bug #73240 (Write out of bounds at number_format).
  • Fixed bug #73147 (Use After Free in PHP7 unserialize()).
  • Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
• BCmath:
  • Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
• COM:
  • Fixed bug #73126 (Cannot pass parameter 1 by reference).
• Date:
  • Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).
• DOM:
  • Fixed bug #73150 (missing NULL check in dom_document_save_html).
• Filter:
  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
  • Fixed bug #73054 (default option ignored when object passed to int filter).
• GD:
  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory).
• Intl:
  • Fixed bug #73218 (add mitigation for ICU int overflow).
• Mbstring:
  • Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
  • Fixed bug #72992 (mbstring.internal_encoding doesn’t inherit default_charset).
• Mysqlnd:
  • Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).
• Opcache:
  • Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
• OpenSSL:
  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
  • Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
  • Fixed bug #73275 (crash in openssl_encrypt function).
• PCRE:
  • Fixed bug #73121 (Bundled PCRE doesn’t compile because JIT isn’t supported on s390).
  • Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
• PDO_DBlib:
  • Fixed bug #72414 (Never quote values as raw binary data).
  • Allow \PDO::setAttribute() to set query timeouts.
  • Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
  • Add common PDO test suite.
  • Free error and message strings when cleaning up PDO instances.
  • Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven’t been fetched).
  • Ignore potentially misleading dberr values.
• phpdbg:
  • Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).
  • Fixed next command not stopping when leaving function.
• Session:
  • Fixed bug #68015 (Session does not report invalid uid for files save handler).
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
• SimpleXML:
  • Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
• SOAP:
  • Fixed bug #71711 (Soap Server Member variables reference bug).
  • Fixed bug #71996 (Using references in arrays doesn’t work like expected).
• SPL:
  • Fixed bug #73257, Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).
• SQLite3:
  • Updated bundled SQLite3 to 3.14.2.
• Zip:
  • Fixed bug #70752 (Depacking with wrong password leaves 0 length files).

Quelle: https://secure.php.net/ChangeLog-7.php#7.0.12

JARVIS

Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.