PHP 7.1.27, 7.2.16, and 7.3.3 released
Posted on: 03/09/2019 07:03 AM

New versions of PHP has been released

PHP 7.1.27:
07 Mar 2019
Core:
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
SPL:
Fixed bug #77431 (openFile() silently truncates after a null byte).

PHP 7.2.16:
07 Mar 2019
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.

PHP 7.3.3:
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77329 (Buffer Overflow via overly long Error Messages).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77498 (Custom extension Segmentation fault when declare static property).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Fixed bug #77546 (iptcembed broken function).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
Fixed bug #77626 (Persistence confusion in php_com_import_typelib()).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Mbstring:
Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
phpdbg:
Fixed bug #76596 (phpdbg support for display_errors=stderr).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its options filled).



Printed from CompatDB (https://www.compatdb.org/news/story/php_7_1_277_2_16and_7_3_3_released.html)