11PHP NEWS
22|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3- ?? ??? ???? , PHP 8.3.18
3+ 13 Mar 2025 , PHP 8.3.18
44
55- BCMath:
66 . Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)
@@ -15,6 +15,8 @@ PHP NEWS
1515 `__callStatic` is allowed). (timwolla)
1616 . Fixed bug GH-17797 (zend_test_compile_string crash on invalid
1717 script path). (David Carlier)
18+ . Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown
19+ causes Use-After-Free). (CVE-2024-11235) (ilutov)
1820
1921- DOM:
2022 . Fixed bug GH-17847 (xinclude destroys live node). (nielsdos)
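Review bot: The added entry at new lines 18-19 names the internal function (php_request_shutdown) but not the user-visible condition that leads to the use-after-free, so someone triaging CVE-2024-11235 from NEWS alone cannot tell whether their code is exposed. Consider adding a short clause on the triggering feature or call pattern. The capitalised "Use-After-Free" could also be lowercased to match the plain-prose style of the neighbouring entries.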
@@ -34,6 +36,11 @@ PHP NEWS
3436 . Fixed bug GH-17704 (ldap_search fails when $attributes contains a
3537 non-packed array with numerical keys). (nielsdos, 7u83)
3638
39+ - LibXML:
40+ . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos)
41+ . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header
42+ when requesting a redirected resource). (CVE-2025-1219) (timwolla)
43+
3744- MBString:
3845 . Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
3946 (cmb)
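Review bot: The first LibXML entry at new line 40 is misspelled ("Reocurrence" should be "Reoccurrence") and does not describe the issue: "#72714" carries no tracker prefix, while the other entries in this file use "GH-" or "GHSA-" identifiers, and no impact is stated. Suggest naming the affected behaviour in a few words and qualifying the bug reference so readers know which tracker to consult. Unlike the GHSA-p3x9-6h7p-cgfc entry directly below it, this one also lists no CVE. If none was assigned that is fine, but it is worth confirming that the omission is intentional.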
@@ -69,6 +76,14 @@ PHP NEWS
6976- Streams:
7077 . Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
7178 . Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
79+ . Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
80+ basic auth header). (CVE-2025-1736) (Jakub Zelenka)
81+ . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location
82+ to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
83+ . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
84+ without colon). (CVE-2025-1734) (Jakub Zelenka)
85+ . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
86+ handle folded headers). (CVE-2025-1217) (Jakub Zelenka)
7287
7388- Windows:
7489 . Fixed phpize for Windows 11 (24H2). (bwoebi)
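Review bot: The advisory identifier at new line 79, "GHSA-hgf54-96fm-v528", has five characters in its first group, while every other GHSA identifier in this patch has three groups of four. It looks like a typo and would break lookups and automated matching against the advisory, so please check it against the published advisory and correct it. As a minor wording point, "truncate redirect location" at line 81 should read "truncates redirect location" to agree with the other summaries.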