The following new PHP versions has been released: PHP 7.4.3, 7.3.15, 7.2.28, and 5.6.40-10.
PHP 7.4.3
20 Feb 2020, PHP 7.4.3
- Core:
. Fixed bug #79146 (cscript can fail to run on some systems). (clarodeus)
. Fixed bug #79155 (Property nullability lost when using multiple property
definition). (Nikita)
. Fixed bug #78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)
. Fixed bug #78989 (Delayed variance check involving trait segfaults).
(Nikita)
. Fixed bug #79174 (cookie values with spaces fail to round-trip). (cmb)
. Fixed bug #76047 (Use-after-free when accessing already destructed
backtrace arguments). (Nikita)
- COM:
. Fixed bug #79247 (Garbage collecting variant objects segfaults). (cmb)
- CURL:
. Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
(cmb)
- FFI:
. Fixed bug #79096 (FFI Struct Segfault). (cmb)
- IMAP:
. Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure
time). (Nikita)
-Intl:
. Fixed bug #79212 (NumberFormatter::format() may detect wrong type). (cmb)
- Libxml:
. Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
(Nikita, cmb)
- MBString:
. Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).
(cmb)
- MySQLi:
. Fixed bug #78666 (Properties may emit a warning on var_dump()). (kocsismate)
- MySQLnd:
. Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
(cmb)
. Fixed bug #79011 (MySQL caching_sha2_password Access denied for password
with more than 20 chars). (Nikita)
- Opcache:
. Fixed bug #79114 (Eval class during preload causes class to be only half
available). (Laruence)
. Fixed bug #79128 (Preloading segfaults if preload_user is used). (Nikita)
. Fixed bug #79193 (Incorrect type inference for self::$field =& $field).
(Nikita)
- OpenSSL:
. Fixed bug #79145 (openssl memory leak). (cmb, Nikita)
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
. Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
(CVE-2020-7061) (cmb)
. Fixed bug #76584 (PharFileInfo::decompress not working). (cmb)
- Reflection:
. Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
__destruct). (Nikita)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
- Standard:
. Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
. Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null). (kocsismate)
- Testing:
. Fixed bug #78090 (bug45161.phpt takes forever to finish). (cmb)
- XSL:
. Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). (cmb)
- Zip:
. Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0). (Remi)
. Add ZipArchive::RDONLY (since libzip 1.0.0). (Remi)
. Add ZipArchive::ER_* missing constants. (Remi)
. Add ZipArchive::LIBZIP_VERSION constant. (Remi)
. Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir Method). (Remi)
Download
PHP 7.3.15
20 Feb 2020, PHP 7.3.15
- Core:
. Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not
supported). (Nikita)
. Fixed bug ##79146 (cscript can fail to run on some systems). (clarodeus)
. Fixed bug #78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)
. Fixed bug #76047 (Use-after-free when accessing already destructed
backtrace arguments). (Nikita)
- CURL:
. Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
(cmb)
-Intl:
. Fixed bug #79212 (NumberFormatter::format() may detect wrong type). (cmb)
- Libxml:
. Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
(Nikita, cmb)
- MBString:
. Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding). (cmb)
- MySQLnd:
. Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
(cmb)
- OpenSSL:
. Fixed bug #79145 (openssl memory leak). (cmb, Nikita)
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
. Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
(CVE- 2020-7061) (cmb)
. Fixed bug #76584 (PharFileInfo::decompress not working). (cmb)
- Reflection:
. Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
__destruct). (Nikita)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
- SPL:
. Fixed bug #79151 (heap use after free caused by
spl_dllist_it_helper_move_forward). (Nikita)
- Standard:
. Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
- Testing:
. Fixed bug #78090 (bug45161.phpt takes forever to finish). (cmb)
- XSL:
. Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). (cmb)
Download
PHP 7.2.28
20 Feb 2020, PHP 7.2.28
- DOM:
. Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita,
cmb)
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
Download
PHP 5.6.40-10
Backported from 7.2.28
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
Download
