PHP 7.4.14 - Change Log - FreewareFiles.com

CHANGELOG

What's New in version 7.2.11:

Core:

Fixed bug '76800 (foreach inconsistent if array modified during loop).
Fixed bug '76901 (method_exists on SPL iterator passthrough method corrupts memory).

CURL:

Fixed bug '76480 (Use curl_multi_wait() so that timeouts are respected).

iconv:

Fixed bug '66828 (iconv_mime_encode Q-encoding longer than it should be).

Opcache:

Fixed bug '76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
Fixed bug '76796 (Compile-time evaluation of disabled function in opcache causes segfault).

POSIX:

Fixed bug '75696 (posix_getgrnam fails to print details of group).

Reflection:

Fixed bug '74454 (Wrong exception being thrown when using ReflectionMethod).

Standard:

Fixed bug '73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
Fixed bug '74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
Fixed bug '75533 (array_reduce is slow when $carry is large array).

XMLRPC:

Fixed bug '76886 (Can't build xmlrpc with expat).

Zlib:

Fixed bug '75273 (php_zlib_inflate_filter() may not update bytes_consumed).

What's New in version 5.5.11:

Core:

Allow zero length comparison in substr_compare() (Tjerk)
Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

SPL:

Added feature #65545 (SplFileObject::fread()) (Tjerk)

cURL:

Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. (Adam)

FPM:

Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley)

Fileinfo:

Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345) (Remi)

GD:

Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
Fixed bug #66890 (imagescale segfault). (Remi)
Fixed bug #66893 (imagescale ignore method argument). (Remi)

Hash:

hash_pbkdf2() now works correctly if the $length argument is not specified. (Nikita)

Intl:

Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas)

Mail:

Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

MySQLi:

Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)

OPCache:

Added function opcache_is_script_cached(). (Danack)
Added information about interned strings usage. (Terry, Julien, Dmitry)

Openssl:

Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)

GMP:

Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)

SQLite:

Updated bundled libsqlite to 3.8.3.1 (Anatol)

What's new in version 5.5.10:

Core: Fixed Request #66574i (Allow multiple paths in php_ini_scanned_path).
Date: Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones per offset too).
Fileinfo:
- Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).
- Fixed bug #66820 (out-of-bounds memory access in fileinfo).
GD: Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer CVE-2013-7327).
JSON: Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
LDAP: Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch). (Ondrej Ho�ek)
Openssl: Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). (Mark Zedwood)
PCRE: Upgraded to PCRE 8.34.
Pgsql: Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().

What's new in version 5.5.9:

Core:

Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)

GD:

Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (Laruence, Remi)

OPCache:

Fixed bug #66474 (Optimizer bug in constant string to boolean conversion). (Dmitry)
FFixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0). (Dmitry)
FFixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend). (Laruence)

PDO_pgsql:

Fixed bug #62479 (PDO-psql cannot connect if password contains spaces) (willfitch, iliaa)

Readline:

Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after #65714). (Remi)

Session:

Fixed bug #66469 (Session module is sending multiple set-cookie headers when session.use_strict_mode=1) (Yasuo)
FFixed bug #66481 (Segfaults on session_name()). (cmcdermottroe at engineyard dot com, Yasuo)

Standard:

Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)

Sockets:

Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe)

Zend Engine:

Fixed bug #66009 (Failed compilation of PHP extension with C++ std library using VS 2012). (Anatol)

What's New in version 5.5.7:

CLI server:

Added some MIME types to the CLI web server (Chris Jones)
Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds)

Core:

Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)

OPCache

Fixed bug #66176 (Invalid constant substitution). (Dmitry)
Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)

OpenSSL:

Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).

readline

Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

What's New in version 5.5.3:

Openssl: Fixed UMR in fix for CVE-2013-4248.

What's New in version 5.5.1:

Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace).
Fixed bug #65088 (Generated configure script is malformed on OpenBSD). (Adam)
Fixed bug #65108 (is_callable() triggers Fatal Error).
Fixed bug #65035 (yield / exit segfault).
Fixed bug #65161 (Generator + autoload + syntax error = segfault).
hex2bin() raises E_WARNING for invalid hex string.
Fixed bug #65226 (chroot() does not get enabled).

What's New in version 5.5.0:

Added generators and coroutines.
Added the finally keyword.
Added a simplified password hashing API.
Added support for constant array/string dereferencing.
Added scalar class name resolution via ::class.
Added support for using empty() on the result of function calls and other expressions.
Added support for non-scalar Iterator keys in foreach.
Added support for list() constructs in foreach statements.
Added the Zend OPcache extension for opcode caching.
The GD library has been upgraded to version 2.1 adding new functions and improving existing functionality.
A lot more improvements and fixes.

What's New in version 5.3.10:

Core: Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830. (Stas, Dmitry)

What's New in version 5.3.8:

Core:

Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)

OpenSSL:

Reverted a change in timeout handling restoring PHP 5.3.6 behavior, as the new behavior caused mysqlnd SSL connections to hang (#55283). (Pierre, Andrey, Johannes)

What's New in version 5.3.7:

Security Enhancements and Fixes in PHP 5.3.7:

Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)

Key enhancements in PHP 5.3.7 include:

Upgraded bundled Sqlite3 to version 3.7.7.1
Upgraded bundled PCRE to version 8.12
Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
Fixed bug #54585 (track_errors causes segfault)
Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
Fixed a crash inside dtor for error handling
Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
Fixed bug #54935 php_win_err can lead to crash
Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value)
Fixed bug #54529 (SAPI crashes on apache_config.c:197)
Fixed bug #54283 (new DatePeriod(NULL) causes crash).
Fixed bug #54269 (Short exception message buffer causes crash)
Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)
Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don't call the parent constructor)
Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct())
Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0)
Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket)
Fixed bug #54681 (addGlob() crashes on invalid flags)
Over 80 other bug fixes.

What's New in version 5.3.6:

Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
Upgraded bundled PCRE to version 8.11. (Ilia)

What's New in version 5.3.5:

Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus)

What's New in version 5.3.4:

Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
Upgraded bundled PCRE to version 8.10. (Ilia)

Security enhancements:

Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus)
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
Fixed symbolic resolution support when the target is a DFS share. (Pierre)
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). (Adam)

General improvements:

Added stat support for zip stream. (Pierre)
Added follow_location (enabled by default) option for the http stream support. (Pierre)
Improved support for is_link and related functions on Windows. (Pierre)
Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. (Gustavo)

Implemented feature requests:

Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. (Kalle)
Implemented FR #52173, added functions pcntl_get_last_error() and pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
Implemented symbolic links support for open_basedir checks. (Pierre)
Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
Implemented FR #50692, not uploaded files don't count towards max_file_uploads limit. As a side improvement, temporary files are not opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)