Both PHP 7.4.21 and 7.3.29 are now available from GitHub.





PHP 7.4.21

- Core:
. Fixed bug #81068 (Double free in realpath_cache_clean()). (Dimitry Andric)
. Fixed bug #76359 (open_basedir bypass through adding ".."). (cmb)
. Fixed bug #81090 (Typed property performance degradation with .= operator).
(Nikita)
. Fixed bug #81070 (Integer underflow in memory limit comparison).
(Peter van Dommelen)
. Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL).
(CVE-2021-21705) (cmb)

- Bzip2:
. Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
(cmb)

- OpenSSL:
. Fixed bug #76694 (native Windows cert verification uses CN as server name).
(cmb)

- PDO_Firebird:
. Fixed bug #76448 (Stack buffer overflow in firebird_info_cb).
(CVE-2021-21704) (cmb)
. Fixed bug #76449 (SIGSEGV in firebird_handle_doer).
(CVE-2021-21704) (cmb)
. Fixed bug #76450 (SIGSEGV in firebird_stmt_execute).
(CVE-2021-21704) (cmb)
. Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob).
(CVE-2021-21704) (cmb)

- Standard:
. Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
(cmb)

Download PHP 7.4.21

PHP 7.3.29

- Core:
. Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705) (cmb)

- PDO_Firebird:
. Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
(CVE-2021-21704) (cmb)
. Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704) (cmb)
. Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704) (cmb)
. Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob.
(CVE-2021-21704) (cmb)

Download PHP 7.3.29