PHP 7.1.28、7.2.17、7.3.4 发布,主要是安全更新

释放双眼,带上耳机,听听看~!

文章转载开源中国

PHP 发布了三个更新版本,这三个版本主要都是安全方面的更新,详细改进记录如下:

Version 7.1.28

04 Apr 2019

  • EXIF:
    • Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
    • Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
  • SQLite3:
    • Added sqlite3.defensive INI directive.

Version 7.3.4

04 Apr 2019

  • Core:
    • Fixed bug #77738 (Nullptr deref in zend_compile_expr).
    • Fixed bug #77660 (Segmentation fault on break 2147483648).
    • Fixed bug #77652 (Anonymous classes can lose their interface information).
    • Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
    • Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).
  • Apache2Handler:
    • Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c).
  • Bcmath:
    • Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
  • CLI Server:
    • Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).
  • COM:
    • Fixed bug #77578 (Crash when php unload).
  • EXIF:
    • Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
    • Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
  • FPM:
    • Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
  • GD:
    • Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
  • MySQLi:
    • Fixed bug #77597 (mysqli_fetch_field hangs scripts).
  • Opcache:
    • Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
  • PCRE:
    • Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).
  • Phar:
    • Fixed bug #77697 (Crash on Big_Endian platform).
  • phpdbg:
    • Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
  • sodium:
    • Fixed bug #77646 (sign_detached() strings not terminated).
  • SQLite3:
    • Added sqlite3.defensive INI directive.
  • Standard:
    • Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
    • Fixed bug #77669 (Crash in extract() when overwriting extracted array).
    • Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
    • Fixed bug #77765 (FTP stream wrapper should set the directory as executable).

https://www.php.net/ChangeLog-7.php

给TA打赏
共{{data.count}}人
人已打赏
安全经验

GitLab 发布安全修复版本:11.9.4, 11.8.6 和 11.7.10

2019-4-3 11:12:22

安全经验

GitLab 发布安全修复版本 11.9.7, 11.8.7 和 11.7.11

2019-4-11 11:12:22

个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索