PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2016, PHP 5.6.23
+?? ??? 2016 PHP 7.0.9
+
+
+
+23 Jun 2016 PHP 7.0.8
+
+- Core:
+ . Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä)
+ . Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes).
+ (Esminis at esminis dot lt)
+
+- FPM:
+ . Fixed bug #72308 (fastcgi_finish_request and logging environment
+ variables). (Laruence)
+ - GD:
+ . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
+
- Intl:
- . Fixed bug #70484 (selectordinal doesn't work with named parameters).
+ . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
+
+- PCRE:
+ . Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)
+
+- PDO_pgsql:
+ . Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
+ (Laruence)
+ . Fixed bug #72294 (Segmentation fault/invalid pointer in connection
+ with pgsql_stmt_dtor). (Anatol)
+
+- Phpdbg:
+ . Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)
+
+- Postgres:
+ . Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence)
+ . Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)
+
+- Standard:
+ . Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence)
+ . Fixed bug #72229 (Wrong reference when serialize/unserialize an object).
+ (Laruence)
+ . Fixed bug #72193 (dns_get_record returns array containing elements of
+ type 'unknown'). (Laruence)
+ . Fixed bug #72017 (range() with float step produces unexpected result).
+ (Thomas Punt)
+
+- XML:
+ . Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)
+
+- XMLRPC:
+ . Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
+ (Joe, Laruence)
+
+- Zip:
+ . Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form).
(Anatol)
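Review bot: The added Zip entry in the 7.0.8 block reads "Fixed ug #72258"; it should read "Fixed bug #72258", otherwise a search for "bug #72258" will not find it. In the same block the added "- GD:" header is indented one column further than the other section headers ("- Core:", "- FPM:") and follows the FPM entry with no separating blank line; align it with the other headers and add the blank line.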
-26 May 2016, PHP 5.6.22
+26 May 2016 PHP 7.0.7
- Core:
- . Fixed bug #72172 (zend_hex_strtod should not use strlen).
- (bwitz at hotmail dot com )
- . Fixed bug #72114 (Integer underflow / arbitrary null write in
- fread/gzread). (Stas)
- . Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)
+ . Fixed bug #72162 (use-after-free - error_reporting). (Laruence)
+ . Add compiler option to disable special case function calls. (Joe)
+ . Fixed bug #72101 (crash on complex code). (Dmitry)
+ . Fixed bug #72100 (implode() inserts garbage into resulting string when
+ joins very big integer). (Mikhail Galanin)
+ . Fixed bug #72057 (PHP Hangs when using custom error handler and typehint).
+ (Nikita Nefedov)
+ . Fixed bug #72038 (Function calls with values to a by-ref parameter don't
+ always throw a notice). (Bob)
+ . Fixed bug #71737 (Memory leak in closure with parameter named $this).
+ (Nikita)
+ . Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio)
+ . Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita)
+
+- Curl:
+ . Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick)
+
+- DBA:
+ . Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
-- GMP:
- . Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
- (stas)
-
-- hash:
- . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
- at naver dot com)
-
-- MCrypt:
- . Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
-
-- Opcache:
- . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
- on CLI enabled). (Dmitry, Laruence)
-
-- PCRE:
- . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
- match). (cmb)
- . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
- (Anatol Belski)
-
-- SOAP:
- . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- (CVE-2015-6836) (Stas)
-
-- SPL:
- . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
- ob_start). (hugh at allthethings dot co dot nz)
- . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
- . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
- SplObjectStorage). (CVE-2015-6834) (taoguangchen at icloud dot com)
- . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
- SplDoublyLinkedList). (CVE-2015-6834) (taoguangchen at icloud dot com)
-
-- Standard:
- . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
- (cmb)
- . Fixed bug #70157 (parse_ini_string() segmentation fault with
- INI_SCANNER_TYPED). (Tjerk)
-
-- XSLT:
- . Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
- (Stas)
+- Fileinfo:
+ . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
-- ZIP:
- . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
- creating directories). (CVE-2014-9767) (neal at fb dot com)
+- Filter:
+ . New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas)
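Review bot: The lines removed between the "26 May 2016" header and the Filter entry include several security fixes recorded with CVE identifiers (bug #70388 with CVE-2015-6836, #70365 and #70366 with CVE-2015-6834, #69782 with CVE-2015-6837 and CVE-2015-6838, #70350 with CVE-2014-9767), and none of the added lines in this region mentions them. If those fixes also apply to the 7.0 branch, confirm they stay recorded under the release that carried them, so the file can still be used to map a CVE to a fixed version. Separately, the added FILTER_VALIDATE_DOMAIN line runs well past the width at which the neighbouring entries wrap; wrap it and move the "(Kevin Dunglas)" credit to a continuation line like the other entries.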
-06 Aug 2015, PHP 5.6.12
+- FPM:
+ . Fixed bug #70538 ("php-fpm -i" crashes). (rainer dot jung at
+ kippdata dot de)
+ . Fixed bug #70279 (HTTP Authorization Header is sometimes passed to newer
+ reqeusts). (Laruence)
+ . Fixed bug #68945 (Unknown admin values segfault pools). (Laruence)
+ . Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright)
+ . Implemented FR #67106 (Split main fpm config). (Elan Ruusamäe, Remi)
-- Core:
- . Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
- . Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
- . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
- method calls). (Stas)
- . Fixed bug #69892 (Different arrays compare indentical due to integer key
- truncation). (Nikita)
- . Fixed bug #70121 (unserialize() could lead to unexpected methods execution
- / NULL pointer deref). (Stas)
+- FTP:
+ . Fixed bug #69082 (FTPS support on Windows). (Anatol)
-- CLI server:
- . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
- . Fixed bug #64878 (304 responses return Content-Type header). (cmb)
-
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
- . Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
+ . Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
+ (cmb)
. Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
. Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
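Review bot: In the added FPM entry for bug #70279, "reqeusts" should be "requests"; the entry describes an HTTP Authorization header being passed to later requests, so it is one that readers will search for by keyword. The added line for bug #65933 is also longer than the wrapped entries around it and should be split, with the "(Chris Wright)" credit on a continuation line.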