Sat. Nov 16th, 2019

PHP 7.1.33, 7.3.11 & 7.2.24 released: fix bugs

2 min read
PHP is a general-purpose open-source scripting language. The grammar absorbs the characteristics of C language, Java, and Perl is conducive to learning and is widely used, mainly for the field of Web development. PHP’s unique syntax mixes C, Java, Perl, and PHP’s native syntax. It can execute dynamic web pages faster than CGI or Perl. Dynamic pages made with PHP compared to other programming languages, PHP embeds programs into HTML (an application under the standard universal markup language) document, which is much more efficient than CGI that entirely generates HTML markup. PHP can also execute compiled code, compile to achieve encryption and optimize code execution, making the code run faster.

PHP 7.3

Changelog

v7.1.33

FPM:

  • Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)

v7.2.24

  • Core:
    • Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
    • Fixed bug #78620 (Out of memory error).
  • Exif:
    • Fixed bug #78442 (‘Illegal component’ on exif_read_data since PHP7) (Kalle)
  • FPM:
    • Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
  • MBString:
    • Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
    • Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
  • MySQLi:
    • Fixed bug #76809 (SSL settings aren’t respected when persistent connections are used).
  • PDO_MySQL:
    • Fixed bug #78623 (Regression caused by “SP call yields additional empty result set”).
  • Session:
    • Fixed bug #78624 (session_gc return value for user defined session handlers).
  • Standard:
    • Fixed bug #76342 (file_get_contents waits twice specified timeout).
    • Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter).
    • Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
  • Zip:
    • Fixed bug #78641 (addGlob can modify given remove_path value).

v7.3.11

  • Core:
    • Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
    • Fixed bug #78620 (Out of memory error).
  • Exif:
    • Fixed bug #78442 (‘Illegal component’ on exif_read_data since PHP7) (Kalle)
  • FPM:
    • Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
    • Fixed bug #78413 (request_terminate_timeout does not take effect after fastcgi_finish_request).
  • MBString:
    • Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi).
    • Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
    • Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
  • MySQLi:
    • Fixed bug #76809 (SSL settings aren’t respected when persistent connections are used).
  • Mysqlnd:
    • Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements).
  • PCRE:
    • Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process).
  • PDO_MySQL:
    • Fixed bug #78623 (Regression caused by “SP call yields additional empty result set”).
  • Session:
    • Fixed bug #78624 (session_gc return value for user defined session handlers).
  • Standard:
    • Fixed bug #76342 (file_get_contents waits twice specified timeout).
    • Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter).
    • Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
  • Zip:
    • Fixed bug #78641 (addGlob can modify given remove_path value).

Download