Eric Mann has announced the release of PHP 8.3.21, which addresses multiple issues, including an IPv6 filter integer overflow, GD overflows, LDAP_OPT_X_TLS_* options that could not be overridden, a confusing libxml TypeError message, OpenSSL memory leaks, heap corruption with PDO Firebird persistent connections, SplObjectStorage memory mismanagement, and bugs in the Standard and Zip extensions.
The Standard and Zip fixes cover a php8ts crash in php_clear_stat_cache(), a use-after-free vulnerability in extract() with EXTR_REFS, a negative stream position from fseek() with SEEK_CUR and a negative offset, a resource leak in iptcembed() on error, and a use of an uninitialized value (uouv) and a memory leak in ZipArchive::addGlob().
PHP 8.3.21
- Core:
. Fixed bug GH-18304 (Changing the properties of a DateInterval through
dynamic properties triggers a SegFault). (nielsdos)
. Fix some leaks in php_scandir. (nielsdos)
- Filter:
. Fixed bug GH-18309 (ipv6 filter integer overflow). (nielsdos)
- GD:
. Fixed imagecrop() overflow with rect argument with x/width y/height usage
in gdImageCrop(). (David Carlier)
. Fixed GH-18243 imagettftext() overflow/underflow on font size value.
(David Carlier)
- Intl:
. Fix reference support for intltz_get_offset(). (nielsdos)
- LDAP:
. Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden). (Remi)
. Fix NULL deref on high modification key. (nielsdos)
- libxml:
. Fixed custom external entity loader returning an invalid resource leading
to a confusing TypeError message. (Girgias)
- OpenSSL:
. Fix memory leak in openssl_sign() when passing invalid algorithm.
(nielsdos)
. Fix potential leaks when writing to BIO fails. (nielsdos)
- PDO Firebird:
. Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted"
with setAttribute() (SakiTakamachi).
- SPL:
. Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory).
(nielsdos)
- Standard:
. Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
(Jakub Zelenka)
. Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS). (ilutov)
. Fixed bug GH-18212 (fseek with SEEK_CUR whence value and negative offset
leads to negative stream position). (David Carlier)
. Fix resource leak in iptcembed() on error. (nielsdos)
- Zip:
. Fix uouv when handling empty options in ZipArchive::addGlob(). (nielsdos)
. Fix memory leak when handling a too long path in ZipArchive::addGlob().
(nielsdos)