Fix bug #67252: convert_uudecode out-of-bounds read

Fix bug #67251 - date_parse_from_format out-of-bounds read

Fix bug #67250 (iptcparse out-of-bounds read)

Fix bug #67247 spl_fixedarray_resize integer overflow

fix news

Updated NEWS

Fix author name on the #63228 patch.

add missing NEWS entry to the correct release where it was added

Fix bug #67060: use default mode of 660

Fixed bug #66431 Special Character via COM Interface (CP_UTF8)

Fixed bug #67118 DateTime constructor crash with invalid data

Revert "Fixed bug #64604"

This reverts commit b05c088a3abf8e4c6fb6e40418423a9e2dd3d929.
Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo

Allow valid multi-byte utf-8 characters to be allowed as file names in phar archives.

Fix #66908: php-fpm reload leaks epoll_create() file descriptor

This patch fixes descriptor leak which could lead to DoS once Max open files is reached

Fix bug #65701: Do not use cache for file file copy

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callba

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.

show more ...

Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset

5.4.29 is next

Fix #66942: openssl_seal() memory leak

Fix #66952: memory leak in openssl_open()

Fix null byte in LDAP bindings

Fix bug #66171: better handling of symlinks

fix NEWS

Fixed bug #64604

Fix #66562: Consistency bug where curl_multi_getcontent behaves different from curl_exec

curl_exec returns an empty string when data is received from a domain that returns zero content. curl

Fix #66562: Consistency bug where curl_multi_getcontent behaves different from curl_exec

curl_exec returns an empty string when data is received from a domain that returns zero content. curl_multi_getcontent
returned null. Now it returns an empty string fixing the incosistency

show more ...

Fix bug #66482, replace wrong item name 'priority' with 'process.priority' in php-fpm.conf