Sat. May 30th, 2020

PHP 7.2.31, 7.3.18 & 7.4.8 released: fix security & bugs

2 min read
PHP is a general-purpose open-source scripting language. The grammar absorbs the characteristics of C language, Java, and Perl is conducive to learning and is widely used, mainly for the field of Web development. PHP’s unique syntax mixes C, Java, Perl, and PHP’s native syntax. It can execute dynamic web pages faster than CGI or Perl. Dynamic pages made with PHP compared to other programming languages, PHP embeds programs into HTML (an application under the standard universal markup language) document, which is much more efficient than CGI that entirely generates HTML markup. PHP can also execute compiled code, compile to achieve encryption and optimize code execution, making the code run faster.

PHP 7.3

Changelog

v7.2.31

Core:

  • Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
  • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)

v7.3.18

  • Core:
    • Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
    • Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
    • Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
    • Fixed bug #79477 (casting object into array creates references).
    • Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
    • Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
  • DOM:
    • Fixed bug #78221 (DOMNode::normalize() doesn’t remove empty text nodes).
  • FCGI:
    • Fixed bug #79491 (Search for .user.ini extends up to root dir).
  • MBString:
    • Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
  • OpenSSL:
    • Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
  • Phar:
    • Fixed bug #79503 (Memory leak on duplicate metadata).
  • SimpleXML:
    • Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
  • Standard:
    • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).

v7.4.6

  • Core:
    • Fixed bug #78434 (Generator yields no items after valid() call).
    • Fixed bug #79477 (casting object into array creates references).
    • Fixed bug #79514 (Memory leaks while including unexistent file).
    • Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
    • Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
    • Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned).
    • Fixed bug #78876 (Long variables cause OOM and temp files are not cleaned).
  • DOM:
    • Fixed bug #78221 (DOMNode::normalize() doesn’t remove empty text nodes).
  • EXIF:
    • Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
  • FCGI:
    • Fixed bug #79491 (Search for .user.ini extends up to root dir).
  • MBString:
    • Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
  • OpenSSL:
    • Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
  • PCRE:
    • Upgraded to PCRE2 10.34.
  • Phar:
    • Fixed bug #79503 (Memory leak on duplicate metadata).
  • SimpleXML:
    • Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
  • SPL:
    • Fixed bug #69264 (__debugInfo() ignored while extending SPL classes).
    • Fixed bug #67369 (ArrayObject serialization drops the iterator class).
  • Standard:
    • Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
    • Fixed bug #79447 (Serializing uninitialized typed properties with __sleep should not throw).

Download