forked from php/web-php
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog-7.php
10657 lines (10314 loc) · 426 KB
/
ChangeLog-7.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?php
$_SERVER['BASE_PAGE'] = 'ChangeLog-7.php';
include_once __DIR__ . '/include/prepend.inc';
include_once __DIR__ . '/include/changelogs.inc';
$MINOR_VERSIONS = ['7.4', '7.3', '7.2', '7.1', '7.0'];
changelog_header(7, $MINOR_VERSIONS);
?>
<a id="PHP_7_4"></a>
<section class="version" id="7.4.33"><!-- {{{ 7.4.33 -->
<h3>Version 7.4.33</h3>
<b><?php release_date('03-Nov-2022'); ?></b>
<ul><li>GD:
<ul>
<li><?php bugfix(81739); ?>: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)</li>
</ul></li>
<li>Hash:
<ul>
<li><?php bugfix(81738); ?>: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.32"><!-- {{{ 7.4.32 -->
<h3>Version 7.4.32</h3>
<b><?php release_date('29-Sep-2022'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(81726); ?>: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)</li>
<li><?php bugfix(81727); ?>: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.30"><!-- {{{ 7.4.30 -->
<h3>Version 7.4.30</h3>
<b><?php release_date('09-Jun-2022'); ?></b>
<ul><li>mysqlnd:
<ul>
<li><?php bugfix(81719); ?>: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)</li>
</ul></li>
<li>pgsql:
<ul>
<li><?php bugfix(81720); ?>: Uninitialized array in pg_query_params(). (CVE-2022-31625)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.29"><!-- {{{ 7.4.29 -->
<h3>Version 7.4.29</h3>
<b><?php release_date('14-Apr-2022'); ?></b>
<ul><li>Core:
<ul>
<li>No source changes to this release. This update allows for re-building the
Windows binaries against upgraded dependencies which have received security
updates.</li>
</ul></li>
<li>Date:
<ul>
<li>Updated to latest IANA timezone database (2022a).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.28"><!-- {{{ 7.4.28 -->
<h3>Version 7.4.28</h3>
<b><?php release_date('17-Feb-2022'); ?></b>
<ul><li>Filter:
<ul>
<li>Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.27"><!-- {{{ 7.4.27 -->
<h3>Version 7.4.27</h3>
<b><?php release_date('16-Dec-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(81626); ?> (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(81513); ?> (Future possibility for heap overflow in FPM zlog).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(71316); ?> (libpng warning from imagecreatefromstring).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(75725); ?> (./configure: detecting RAND_egd).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(74604); ?> (Out of bounds in php_pcre_replace_impl).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(81618); ?> (dns_get_record fails on FreeBSD for missing type).</li>
<li><?php bugfix(81659); ?> (stream_get_contents() may unnecessarily overallocate).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.26"><!-- {{{ 7.4.26 -->
<h3>Version 7.4.26</h3>
<b><?php release_date('18-Nov-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(81518); ?> (Header injection via default_mimetype / default_charset).</li>
</ul></li>
<li>Date:
<ul>
<li><?php bugfix(81500); ?> (Interval serialization regression since 7.3.14 / 7.4.2).</li>
</ul></li>
<li>MBString:
<ul>
<li><?php bugfix(76167); ?> (mbstring may use pointer from some previous request).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(81494); ?> (Stopped unbuffered query does not throw error).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(81424); ?> (PCRE2 10.35 JIT performance regression).</li>
</ul></li>
<li>Streams:
<ul>
<li><?php bugfix(54340); ?> (Memory corruption with user_filter).</li>
</ul></li>
<li>XML:
<ul>
<li><?php bugfix(79971); ?> (special character is breaking the path in xml function). (CVE-2021-21707)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.25"><!-- {{{ 7.4.25 -->
<h3>Version 7.4.25</h3>
<b><?php release_date('21-Oct-2021'); ?></b>
<ul><li>DOM:
<ul>
<li><?php bugfix(81433); ?> (DOMElement::setIdAttribute() called twice may remove ID).</li>
</ul></li>
<li>FFI:
<ul>
<li><?php bugfix(79576); ?> ("TYPE *" shows unhelpful message when type is not defined).</li>
</ul></li>
<li>Fileinfo:
<ul>
<li><?php bugfix(78987); ?> (High memory usage during encoding detection).</li>
</ul></li>
<li>Filter:
<ul>
<li><?php bugfix(61700); ?> (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(81026); ?> (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).</li>
</ul></li>
<li>SPL:
<ul>
<li><?php bugfix(80663); ?> (Recursive SplFixedArray::setSize() may cause double-free).</li>
</ul></li>
<li>Streams:
<ul>
<li><?php bugfix(81475); ?> (stream_isatty emits warning with attached stream wrapper).</li>
</ul></li>
<li>XML:
<ul>
<li><?php bugfix(70962); ?> (XML_OPTION_SKIP_WHITE strips embedded whitespace).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(81490); ?> (ZipArchive::extractTo() may leak memory).</li>
<li><?php bugfix(77978); ?> (Dirname ending in colon unzips to wrong dir).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.24"><!-- {{{ 7.4.24 -->
<h3>Version 7.4.24</h3>
<b><?php release_date('23-Sep-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(81302); ?> (Stream position after stream filter removed).</li>
<li><?php bugfix(81346); ?> (Non-seekable streams don't update position after write).</li>
<li><?php bugfix(73122); ?> (Integer Overflow when concatenating strings).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(53580); ?> (During resize gdImageCopyResampled cause colors change).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(81353); ?> (segfault with preloading and statically bound closure).</li>
</ul></li>
<li>Shmop:
<ul>
<li><?php bugfix(81407); ?> (shmop_open won't attach and causes php to crash).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(71542); ?> (disk_total_space does not work with relative paths).</li>
<li><?php bugfix(81400); ?> (Unterminated string in dns_get_record() results).</li>
</ul></li>
<li>SysVMsg:
<ul>
<li><?php bugfix(78819); ?> (Heap Overflow in msg_send).</li>
</ul></li>
<li>XML:
<ul>
<li><?php bugfix(81351); ?> (xml_parse may fail, but has no error code).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(81420); ?> (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.23"><!-- {{{ 7.4.23 -->
<h3>Version 7.4.23</h3>
<b><?php release_date('26-Aug-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(72595); ?> (php_output_handler_append illegal write access).</li>
<li><?php bugfix(66719); ?> (Weird behaviour when using get_called_class() with call_user_func()).</li>
<li><?php bugfix(81305); ?> (Built-in Webserver Drops Requests With "Upgrade" Header).</li>
</ul></li>
<li>BCMath:
<ul>
<li><?php bugfix(78238); ?> (BCMath returns "-0").</li>
</ul></li>
<li>CGI:
<ul>
<li><?php bugfix(80849); ?> (HTTP Status header truncation).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(51498); ?> (imagefilledellipse does not work for large circles).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(74544); ?> (Integer overflow in mysqli_real_escape_string()).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(81327); ?> (Error build openssl extension on php 7.4.22).</li>
</ul></li>
<li>PDO_ODBC:
<ul>
<li><?php bugfix(81252); ?> (PDO_ODBC doesn't account for SQL_NO_TOTAL).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(81211); ?>: Symlinks are followed when creating PHAR archive.(cmb)</li>
</ul></li>
<li>Shmop:
<ul>
<li><?php bugfix(81283); ?> (shmop can't read beyond 2147483647 bytes).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(72146); ?> (Integer overflow on substr_replace).</li>
<li><?php bugfix(81265); ?> (getimagesize returns 0 for 256px ICO images).</li>
<li><?php bugfix(74960); ?> (Heap buffer overflow via str_repeat).</li>
</ul></li>
<li>Streams:
<ul>
<li><?php bugfix(81294); ?> (Segfault when removing a filter).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.22"><!-- {{{ 7.4.22 -->
<h3>Version 7.4.22</h3>
<b><?php release_date('29-Jul-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(81145); ?> (copy() and stream_copy_to_stream() fail for +4GB files).</li>
<li><?php bugfix(81163); ?> (incorrect handling of indirect vars in __sleep).</li>
<li><?php bugfix(80728); ?> (PHP built-in web server resets timeout when it can kill the process).</li>
<li><?php bugfix(73630); ?> (Built-in Webserver - overwrite $_SERVER['request_uri']).</li>
<li><?php bugfix(80173); ?> (Using return value of zend_assign_to_variable() is not safe).</li>
<li><?php bugfix(73226); ?> (--r[fcez] always return zero exit code).</li>
</ul></li>
<li>Intl:
<ul>
<li><?php bugfix(72809); ?> (Locale::lookup() wrong result with canonicalize option).</li>
<li><?php bugfix(68471); ?> (IntlDateFormatter fails for "GMT+00:00" timezone).</li>
<li><?php bugfix(74264); ?> (grapheme_strrpos() broken for negative offsets).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(52093); ?> (openssl_csr_sign truncates $serial).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(81101); ?> (PCRE2 10.37 shows unexpected result).</li>
<li><?php bugfix(81243); ?> (Too much memory is allocated for preg_replace()).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(81223); ?> (flock() only locks first byte of file).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.21"><!-- {{{ 7.4.21 -->
<h3>Version 7.4.21</h3>
<b><?php release_date('01-Jul-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(81068); ?> (Double free in realpath_cache_clean()).</li>
<li><?php bugfix(76359); ?> (open_basedir bypass through adding "..").</li>
<li><?php bugfix(81090); ?> (Typed property performance degradation with .= operator).</li>
<li><?php bugfix(81070); ?> (Integer underflow in memory limit comparison).</li>
<li><?php bugfix(81122); ?> (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)</li>
</ul></li>
<li>Bzip2:
<ul>
<li><?php bugfix(81092); ?> (fflush before stream_filter_remove corrupts stream).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(76694); ?> (native Windows cert verification uses CN as server name).</li>
</ul></li>
<li>PDO_Firebird:
<ul>
<li><?php bugfix(76448); ?> (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)</li>
<li><?php bugfix(76449); ?> (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)</li>
<li><?php bugfix(76450); ?> (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)</li>
<li><?php bugfix(76452); ?> (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(81048); ?> (phpinfo(INFO_VARIABLES) "Array to string conversion").</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.20"><!-- {{{ 7.4.20 -->
<h3>Version 7.4.20</h3>
<b><?php release_date('03-Jun-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(80929); ?> (Method name corruption related to repeated calls to call_user_func_array).</li>
<li><?php bugfix(80960); ?> (opendir() warning wrong info when failed on Windows).</li>
<li><?php bugfix(67792); ?> (HTTP Authorization schemes are treated as case-sensitive).</li>
<li><?php bugfix(80972); ?> (Memory exhaustion on invalid string offset).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(65800); ?> (Events port mechanism).</li>
</ul></li>
<li>FTP:
<ul>
<li><?php bugfix(80901); ?> (Info leak in ftp extension).</li>
<li><?php bugfix(79100); ?> (Wrong FTP error messages).</li>
</ul></li>
<li>GD:
<ul>
<li><?php bugfix(81032); ?> (GD install is affected by external libgd installation).</li>
</ul></li>
<li>MBString:
<ul>
<li><?php bugfix(81011); ?> (mb_convert_encoding removes references from arrays).</li>
</ul></li>
<li>ODBC:
<ul>
<li><?php bugfix(80460); ?> (ODBC doesn't account for SQL_NO_TOTAL indicator).</li>
</ul></li>
<li>PDO_MySQL:
<ul>
<li><?php bugfix(81037); ?> (PDO discards error message text from prepared statement).</li>
</ul></li>
<li>PDO_ODBC:
<ul>
<li><?php bugfix(44643); ?> (bound parameters ignore explicit type definitions).</li>
</ul></li>
<li>pgsql:
<ul>
<li>Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().</li>
</ul></li>
<li>SPL:
<ul>
<li><?php bugfix(80933); ?> (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(80900); ?> (switch statement behavior inside function).</li>
<li><?php bugfix(81015); ?> (Opcache optimization assumes wrong part of ternary operator in if-condition).</li>
</ul></li>
<li>XMLReader:
<ul>
<li><?php bugfix(73246); ?> (XMLReader: encoding length not checked).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(80863); ?> (ZipArchive::extractTo() ignores references).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.19"><!-- {{{ 7.4.19 -->
<h3>Version 7.4.19</h3>
<b><?php release_date('06-May-2021'); ?></b>
<ul><li>PDO_pgsql:
<ul>
<li>Reverted bug fix for #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.18"><!-- {{{ 7.4.18 -->
<h3>Version 7.4.18</h3>
<b><?php release_date('29-Apr-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(80781); ?> (Error handler that throws ErrorException infinite loop).</li>
<li><?php bugfix(75776); ?> (Flushing streams with compression filter is broken).</li>
</ul></li>
<li>Dba:
<ul>
<li><?php bugfix(80817); ?> (dba_popen() may cause segfault during RSHUTDOWN).</li>
</ul></li>
<li>DOM:
<ul>
<li><?php bugfix(66783); ?> (UAF when appending DOMDocument to element).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(80024); ?> (Duplication of info about inherited socket after pool removing).</li>
</ul></li>
<li>FTP:
<ul>
<li><?php bugfix(80880); ?> (SSL_read on shutdown, ftp/proc_open).</li>
</ul></li>
<li>Imap:
<ul>
<li><?php bugfix(80710); ?> (imap_mail_compose() header injection).</li>
</ul></li>
<li>Intl:
<ul>
<li><?php bugfix(80763); ?> (msgfmt_format() does not accept DateTime references).</li>
</ul></li>
<li>LibXML:
<ul>
<li><?php bugfix(51903); ?> (simplexml_load_file() doesn't use HTTP headers).</li>
<li><?php bugfix(73533); ?> (Invalid memory access in php_libxml_xmlCheckUTF8).</li>
</ul></li>
<li>MySQLnd:
<ul>
<li><?php bugfix(80713); ?> (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).</li>
<li><?php bugfix(80837); ?> (Calling stmt_store_result after fetch doesn't throw an error).</li>
<li><?php bugfix(78680); ?> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(80805); ?> (create simple class and get error in opcache.so).</li>
<li><?php bugfix(80950); ?> (Variables become null in if statements).</li>
</ul></li>
<li>Pcntl:
<ul>
<li><?php bugfix(79812); ?> (Potential integer overflow in pcntl_exec()).</li>
</ul></li>
<li>PCRE:
<ul>
<li><?php bugfix(80866); ?> (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).</li>
</ul></li>
<li>PDO_ODBC:
<ul>
<li><?php bugfix(80783); ?> (PDO ODBC truncates BLOB records at every 256th byte).</li>
</ul></li>
<li>PDO_pgsql:
<ul>
<li><?php bugfix(80892); ?> (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li>
</ul></li>
<li>phpdbg:
<ul>
<li><?php bugfix(80757); ?> (Exit code is 0 when could not open file).</li>
</ul></li>
<li>Session:
<ul>
<li><?php bugfix(80774); ?> (session_name() problem with backslash).</li>
<li><?php bugfix(80889); ?> (Cannot set save handler when save_handler is invalid).</li>
</ul></li>
<li>SOAP:
<ul>
<li><?php bugfix(69668); ?> (SOAP special XML characters in namespace URIs not encoded).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(78719); ?> (http wrapper silently ignores long Location headers).</li>
<li><?php bugfix(80771); ?> (phpinfo(INFO_CREDITS) displays nothing in CLI).</li>
<li><?php bugfix(80838); ?> (HTTP wrapper waits for HTTP 1 response after HTTP 101).</li>
<li><?php bugfix(80915); ?> (Taking a reference to $_SERVER hides its values from phpinfo()).</li>
<li><?php bugfix(80654); ?> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(74779); ?> (x() and y() truncating floats to integers).</li>
</ul></li>
<li>OPcache:
<ul>
<li><?php bugfix(80682); ?> (opcache doesn't honour pcre.jit option).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(80747); ?> (Providing RSA key size < 512 generates key that crash PHP).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(75850); ?> (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)</li>
<li><?php bugfix(70091); ?> (Phar does not mark UTF-8 filenames in ZIP archives).</li>
<li><?php bugfix(53467); ?> (Phar cannot compress large archives).</li>
</ul></li>
<li>SPL:
<ul>
<li><?php bugfix(80719); ?> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(80648); ?> (Fix for bug 79296 should be based on runtime version).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.16"><!-- {{{ 7.4.16 -->
<h3>Version 7.4.16</h3>
<b><?php release_date('04-Mar-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(80706); ?> (mail(): Headers after Bcc headers may be ignored).</li>
</ul></li>
<li>MySQLnd:
<ul>
<li><?php bugfix(78680); ?> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(74779); ?> (x() and y() truncating floats to integers).</li>
</ul></li>
<li>OPcache:
<ul>
<li><?php bugfix(80682); ?> (opcache doesn't honour pcre.jit option).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(80747); ?> (Providing RSA key size < 512 generates key that crash PHP).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(75850); ?> (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)</li>
<li><?php bugfix(70091); ?> (Phar does not mark UTF-8 filenames in ZIP archives).</li>
<li><?php bugfix(53467); ?> (Phar cannot compress large archives).</li>
</ul></li>
<li>SPL:
<ul>
<li><?php bugfix(80719); ?> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(80654); ?> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li>
</ul></li>
<li>Zip:
<ul>
<li><?php bugfix(80648); ?> (Fix for bug 79296 should be based on runtime version).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.15"><!-- {{{ 7.4.15 -->
<h3>Version 7.4.15</h3>
<b><?php release_date('04-Feb-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(80523); ?> (bogus parse error on >4GB source code).</li>
<li><?php bugfix(80384); ?> (filter buffers entire read until file closed).</li>
</ul></li>
<li>Curl:
<ul>
<li><?php bugfix(80595); ?> (Resetting POSTFIELDS to empty array breaks request).</li>
</ul></li>
<li>Date:
<ul>
<li><?php bugfix(80376); ?> (last day of the month causes runway cpu usage.</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(67983); ?> (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).</li>
<li><?php bugfix(64638); ?> (Fetching resultsets from stored procedure with cursor fails).</li>
<li><?php bugfix(72862); ?> (segfault using prepared statements on stored procedures that use a cursor).</li>
<li><?php bugfix(77935); ?> (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(77565); ?> (Incorrect locator detection in ZIP-based phars).</li>
<li><?php bugfix(69279); ?> (Compressed ZIP Phar extractTo() creates garbage files).</li>
</ul></li>
<li>SOAP:
<ul>
<li><?php bugfix(80672); ?> (Null Dereference in SoapClient). (CVE-2021-21702)</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.14"><!-- {{{ 7.4.14 -->
<h3>Version 7.4.14</h3>
<b><?php release_date('07-Jan-2021'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(74558); ?> (Can't rebind closure returned by Closure::fromCallable()).</li>
<li><?php bugfix(80345); ?> (PHPIZE configuration has outdated PHP_RELEASE_VERSION).</li>
<li><?php bugfix(72964); ?> (White space not unfolded for CC/Bcc headers).</li>
<li><?php bugfix(80362); ?> (Running dtrace scripts can cause php to crash).</li>
<li><?php bugfix(80393); ?> (Build of PHP extension fails due to configuration gap with libtool).</li>
<li><?php bugfix(80402); ?> (configure filtering out -lpthread).</li>
<li><?php bugfix(77069); ?> (stream filter loses final block of data).</li>
</ul></li>
<li>Fileinfo:
<ul>
<li><?php bugfix(77961); ?> (finfo_open crafted magic parsing SIGABRT).</li>
</ul></li>
<li>FPM:
<ul>
<li><?php bugfix(69625); ?> (FPM returns 200 status on request without SCRIPT_FILENAME env).</li>
</ul></li>
<li>Intl:
<ul>
<li><?php bugfix(80425); ?> (MessageFormatAdapter::getArgTypeList redefined).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(80368); ?> (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(73809); ?> (Phar Zip parse crash - mmap fail).</li>
<li><?php bugfix(75102); ?> (`PharData` says invalid checksum for valid tar).</li>
<li><?php bugfix(77322); ?> (PharData::addEmptyDir('/') Possible integer overflow).</li>
</ul></li>
<li>PDO MySQL:
<ul>
<li><?php bugfix(80458); ?> (PDOStatement::fetchAll() throws for upsert queries).</li>
<li><?php bugfix(63185); ?> (nextRowset() ignores MySQL errors with native prepared statements).</li>
<li><?php bugfix(78152); ?> (PDO::exec() - Bad error handling with multiple commands).</li>
<li><?php bugfix(70066); ?> (Unexpected "Cannot execute queries while other unbuffered queries").</li>
<li><?php bugfix(71145); ?> (Multiple statements in init command triggers unbuffered query error).</li>
<li><?php bugfix(76815); ?> (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(77423); ?> (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</li>
<li><?php bugfix(80366); ?> (Return Value of zend_fstat() not Checked).</li>
<li><?php bugfix(80411); ?> (References to null-serialized object break serialize()).</li>
</ul></li>
<li>Tidy:
<ul>
<li><?php bugfix(77594); ?> (ob_tidyhandler is never reset).</li>
</ul></li>
<li>Zlib:
<ul>
<li><?php bugfix(48725); ?> (Support for flushing in zlib stream).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.13"><!-- {{{ 7.4.13 -->
<h3>Version 7.4.13</h3>
<b><?php release_date('26-Nov-2020'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(80280); ?> (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).</li>
<li><?php bugfix(80258); ?> (Windows Deduplication Enabled, randon permission errors).</li>
</ul></li>
<li>COM:
<ul>
<li><?php bugfix(62474); ?> (com_event_sink crashes on certain arguments).</li>
</ul></li>
<li>DOM:
<ul>
<li><?php bugfix(80268); ?> (loadHTML() truncates at NUL bytes).</li>
</ul></li>
<li>FFI:
<ul>
<li><?php bugfix(79177); ?> (FFI doesn't handle well PHP exceptions within callback).</li>
</ul></li>
<li>IMAP:
<ul>
<li><?php bugfix(64076); ?> (imap_sort() does not return FALSE on failure).</li>
<li><?php bugfix(76618); ?> (segfault on imap_reopen).</li>
<li><?php bugfix(80239); ?> (imap_rfc822_write_address() leaks memory).</li>
<li>Fixed minor regression caused by fixing bug <?php bugl(80220); ?>.</li>
<li><?php bugfix(80242); ?> (imap_mail_compose() segfaults for multipart with rfc822).</li>
</ul></li>
<li>MySQLi:
<ul>
<li><?php bugfix(79375); ?> (mysqli_store_result does not report error from lock wait timeout).</li>
<li><?php bugfix(76525); ?> (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used).</li>
<li><?php bugfix(72413); ?> (mysqlnd segfault (fetch_row second parameter typemismatch)).</li>
</ul></li>
<li>ODBC:
<ul>
<li><?php bugfix(44618); ?> (Fetching may rely on uninitialized data).</li>
</ul></li>
<li>Opcache:
<ul>
<li><?php bugfix(79643); ?> (PHP with Opcache crashes when a file with specific name is included).</li>
<li>Fixed run-time binding of preloaded dynamically declared function.</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(79983); ?> (openssl_encrypt / openssl_decrypt fail with OCB mode).</li>
</ul></li>
<li>PDO MySQL:
<ul>
<li><?php bugfix(66528); ?> (No PDOException or errorCode if database becomes unavailable before PDO::commit).</li>
<li><?php bugfix(65825); ?> (PDOStatement::fetch() does not throw exception on broken server connection).</li>
</ul></li>
<li>SNMP:
<ul>
<li><?php bugfix(70461); ?> (disable md5 code when it is not supported in net-snmp).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(80266); ?> (parse_url silently drops port number 0).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.12"><!-- {{{ 7.4.12 -->
<h3>Version 7.4.12</h3>
<b><?php release_date('29-Oct-2020'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(80061); ?> (Copying large files may have suboptimal performance).</li>
<li><?php bugfix(79423); ?> (copy command is limited to size of file it can copy).</li>
<li><?php bugfix(80126); ?> (Covariant return types failing compilation).</li>
<li><?php bugfix(80186); ?> (Segfault when iterating over FFI object).</li>
</ul></li>
<li>Calendar:
<ul>
<li><?php bugfix(80185); ?> (jdtounix() fails after 2037).</li>
</ul></li>
<li>IMAP:
<ul>
<li><?php bugfix(80213); ?> (imap_mail_compose() segfaults on certain $bodies).</li>
<li><?php bugfix(80215); ?> (imap_mail_compose() may modify by-val parameters).</li>
<li><?php bugfix(80220); ?> (imap_mail_compose() may leak memory).</li>
<li><?php bugfix(80223); ?> (imap_mail_compose() leaks envelope on malformed bodies).</li>
<li><?php bugfix(80216); ?> (imap_mail_compose() does not validate types/encodings).</li>
<li><?php bugfix(80226); ?> (imap_sort() leaks sortpgm memory).</li>
</ul></li>
<li>MySQLnd:
<ul>
<li><?php bugfix(80115); ?> (mysqlnd.debug doesn't recognize absolute paths with slashes).</li>
<li><?php bugfix(80107); ?> (mysqli_query() fails for ~16 MB long query when compression is enabled).</li>
</ul></li>
<li>ODBC:
<ul>
<li><?php bugfix(78470); ?> (odbc_specialcolumns() no longer accepts $nullable).</li>
<li><?php bugfix(80147); ?> (BINARY strings may not be properly zero-terminated).</li>
<li><?php bugfix(80150); ?> (Failure to fetch error message).</li>
<li><?php bugfix(80152); ?> (odbc_execute() moves internal pointer of $params).</li>
<li><?php bugfix(46050); ?> (odbc_next_result corrupts prepared resource).</li>
</ul></li>
<li>OPcache:
<ul>
<li><?php bugfix(80083); ?> (Optimizer pass 6 removes variables used for ibm_db2 data binding).</li>
<li><?php bugfix(80194); ?> (Assertion failure during block assembly of unreachable free with leading nop).</li>
</ul></li>
<li>PCRE:
<ul>
<li>Updated to PCRE 10.35.</li>
<li><?php bugfix(80118); ?> (Erroneous whitespace match with JIT only).</li>
</ul></li>
<li>PDO_ODBC:
<ul>
<li><?php bugfix(67465); ?> (NULL Pointer dereference in odbc_handle_preparer).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(80114); ?> (parse_url does not accept URLs with port 0).</li>
<li><?php bugfix(76943); ?> (Inconsistent stream_wrapper_restore() errors).</li>
<li><?php bugfix(76735); ?> (Incorrect message in fopen on invalid mode).</li>
</ul></li>
<li>Tidy:
<ul>
<li><?php bugfix(77040); ?> (tidyNode::isHtml() is completely broken).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.11"><!-- {{{ 7.4.11 -->
<h3>Version 7.4.11</h3>
<b><?php release_date('01-Oct-2020'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li>
<li><?php bugfix(79979); ?> (passing value to by-ref param via CUFA crashes).</li>
<li><?php bugfix(80037); ?> (Typed property must not be accessed before initialization when __get() declared).</li>
<li><?php bugfix(80048); ?> (Bug <?php bugl(69100); ?> has not been fixed for Windows).</li>
<li><?php bugfix(80049); ?> (Memleak when coercing integers to string via variadic argument).</li>
</ul></li>
<li>Calendar:
<ul>
<li><?php bugfix(80007); ?> (Potential type confusion in unixtojd() parameter parsing).</li>
</ul></li>
<li>COM:
<ul>
<li><?php bugfix(64130); ?> (COM obj parameters passed by reference are not updated).</li>
</ul></li>
<li>OPcache:
<ul>
<li><?php bugfix(80002); ?> (calc free space for new interned string is wrong).</li>
<li><?php bugfix(80046); ?> (FREE for SWITCH_STRING optimized away).</li>
<li><?php bugfix(79825); ?> (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).</li>
</ul></li>
<li>OpenSSL:
<ul>
<li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li>
</ul></li>
<li>PDO:
<ul>
<li><?php bugfix(80027); ?> (Terrible performance using $query->fetch on queries with many bind parameters).</li>
</ul></li>
<li>SOAP:
<ul>
<li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(79986); ?> (str_ireplace bug with diacritics characters).</li>
<li><?php bugfix(80077); ?> (getmxrr test bug).</li>
<li><?php bugfix(72941); ?> (Modifying bucket->data by-ref has no effect any longer).</li>
<li><?php bugfix(80067); ?> (Omitting the port in bindto setting errors).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.10"><!-- {{{ 7.4.10 -->
<h3>Version 7.4.10</h3>
<b><?php release_date('03-Sep-2020'); ?></b>
<ul><li>Core:
<ul>
<li><?php bugfix(79884); ?> (PHP_CONFIG_FILE_PATH is meaningless).</li>
<li><?php bugfix(77932); ?> (File extensions are case-sensitive).</li>
<li><?php bugfix(79806); ?> (realpath() erroneously resolves link to link).</li>
<li><?php bugfix(79895); ?> (PHP_CHECK_GCC_ARG does not allow flags with equal sign).</li>
<li><?php bugfix(79919); ?> (Stack use-after-scope in define()).</li>
<li><?php bugfix(79934); ?> (CRLF-only line in heredoc causes parsing error).</li>
<li><?php bugfix(79947); ?> (Memory leak on invalid offset type in compound assignment).</li>
</ul></li>
<li>COM:
<ul>
<li><?php bugfix(48585); ?> (com_load_typelib holds reference, fails on second call).</li>
</ul></li>
<li>Exif:
<ul>
<li><?php bugfix(75785); ?> (Many errors from exif_read_data).</li>
</ul></li>
<li>Gettext:
<ul>
<li><?php bugfix(70574); ?> (Tests fail due to relying on Linux fallback behavior for gettext()).</li>
</ul></li>
<li>LDAP:
<ul>
<li>Fixed memory leaks.</li>
</ul></li>
<li>OPcache:
<ul>
<li><?php bugfix(73060); ?> (php failed with error after temp folder cleaned up).</li>
<li><?php bugfix(79917); ?> (File cache segfault with a static variable in inherited method).</li>
</ul></li>
<li>PDO:
<ul>
<li><?php bugfix(64705); ?> (errorInfo property of PDOException is null when PDO::__construct() fails).</li>
</ul></li>
<li>Session:
<ul>
<li><?php bugfix(79724); ?> (Return type does not match in ext/session/mod_mm.c).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(79930); ?> (array_merge_recursive() crashes when called with array with single reference).</li>
<li><?php bugfix(79944); ?> (getmxrr always returns true on Alpine linux).</li>
<li><?php bugfix(79951); ?> (Memory leak in str_replace of empty string).</li>
</ul></li>
<li>XML:
<ul>
<li><?php bugfix(79922); ?> (Crash after multiple calls to xml_parser_free()).</li>
</ul></li>
</ul>
<!-- }}} --></section>
<section class="version" id="7.4.9"><!-- {{{ 7.4.9 -->
<h3>Version 7.4.9</h3>
<b><?php release_date('06-Aug-2020'); ?></b>
<ul><li>Apache:
<ul>
<li><?php bugfix(79030); ?> (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).</li>
</ul></li>
<li>COM:
<ul>
<li><?php bugfix(63208); ?> (BSTR to PHP string conversion not binary safe).</li>
<li><?php bugfix(63527); ?> (DCOM does not work with Username, Password parameter).</li>
</ul></li>
<li>Core:
<ul>
<li><?php bugfix(79740); ?> (serialize() and unserialize() methods can not be called statically).</li>
<li><?php bugfix(79783); ?> (Segfault in php_str_replace_common).</li>
<li><?php bugfix(79778); ?> (Assertion failure if dumping closure with unresolved static variable).</li>
<li><?php bugfix(79779); ?> (Assertion failure when assigning property of string offset by reference).</li>
<li><?php bugfix(79792); ?> (HT iterators not removed if empty array is destroyed).</li>
<li><?php bugfix(78598); ?> (Changing array during undef index RW error segfaults).</li>
<li><?php bugfix(79784); ?> (Use after free if changing array during undef var during array write fetch).</li>
<li><?php bugfix(79793); ?> (Use after free if string used in undefined index warning is changed).</li>
<li><?php bugfix(79862); ?> (Public non-static property in child should take priority over private static).</li>
<li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte) (cmb)</li>
</ul></li>
<li>Fileinfo:
<ul>
<li><?php bugfix(79756); ?> (finfo_file crash (FILEINFO_MIME)).</li>
</ul></li>
<li>FTP:
<ul>
<li><?php bugfix(55857); ?> (ftp_size on large files).</li>
</ul></li>
<li>Mbstring:
<ul>
<li><?php bugfix(79787); ?> (mb_strimwidth does not trim string).</li>
</ul></li>
<li>Phar:
<ul>
<li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li>
</ul></li>
<li>Reflection:
<ul>
<li><?php bugfix(79487); ?> (::getStaticProperties() ignores property modifications).</li>
<li><?php bugfix(69804); ?> (::getStaticPropertyValue() throws on protected props).</li>
<li><?php bugfix(79820); ?> (Use after free when type duplicated into ReflectionProperty gets resolved).</li>
</ul></li>
<li>Standard:
<ul>
<li><?php bugfix(70362); ?> (Can't copy() large 'data://' with open_basedir).</li>
<li><?php bugfix(78008); ?> (dns_check_record() always return true on Alpine).</li>
<li><?php bugfix(79839); ?> (array_walk() does not respect property types).</li>
</ul></li>
</ul>
<!-- }}} --></section>