| #
fcbcf2f2 |
| 26-Sep-2024 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.31-dev
|
| #
d5035a70 |
| 23-Sep-2024 |
Jakub Zelenka |
[skip ci] Fix typo in NEWS
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
| #
8d87bc3e |
| 23-Sep-2024 |
Jakub Zelenka |
Update NEWS with security fixes info
|
| #
a87ccc7c |
| 05-Jun-2024 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.30-dev
|
| #
557e09f6 |
| 05-Jun-2024 |
Ben Ramsey |
Update NEWS
Co-authored-by: Eric Mann <ericmann@php.net>
|
| #
ca5fe403 |
| 10-Apr-2024 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.29-dev
|
| #
de4f7f93 |
| 10-Apr-2024 |
Ben Ramsey |
Update NEWS
|
| #
8f6610ce |
| 05-Dec-2023 |
Patrick Allaert |
PHP-8.1 is now for PHP 8.1.28-dev
(If released one day!)
|
| #
df259f88 |
| 17-Nov-2023 |
Patrick Prasse |
Fix bug GH-12705: Segmentation fault in fpm_status_export_to_zval
Closes GH-12706
|
| #
3f57bd80 |
| 24-Nov-2023 |
ddv |
Fix phpGH-12763: PGSQL pg_untrace(): Argument #1 ($connection) must be of type resource or null, PgSql\Connection given.
|
| #
7e7817bc |
| 25-Aug-2023 |
Mikhail Galanin |
Avoid using uninitialised struct
Closes GH-12046.
|
| #
1305ea23 |
| 24-Nov-2023 |
Bob Weinand |
Add NEWS entry for GH-12768
|
| #
daa38dd6 |
| 20-Nov-2023 |
Ilija Tovilo |
Fix in-place modification of filename in php_message_handler_for_zend
php_strip_url_passwd modifies url in-place. We cannot assume from
php_message_handler_for_zend that data is a tempor
Fix in-place modification of filename in php_message_handler_for_zend
php_strip_url_passwd modifies url in-place. We cannot assume from
php_message_handler_for_zend that data is a temporary, modifiable string.
Fixes oss-fuzz #64209
Closes GH-12733
show more ...
|
| #
1fdcfa4e |
| 20-Nov-2023 |
Ilija Tovilo |
Fix use-after-free of name in var-var with malicious error handler
Fixes oss-fuzz #54325
Closes GH-12732
|
| #
55e07484 |
| 23-Oct-2023 |
Jakub Zelenka |
Fix #50713: openssl_pkcs7_verify() may ignore untrusted CAs
Closes GH-12499
|
| #
243fa9c1 |
| 15-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12616: DOM: Removing XMLNS namespace node results in invalid default: prefix
The namespace data is freed and set to NULL, but there remain references
to the namespace declaration
Fix GH-12616: DOM: Removing XMLNS namespace node results in invalid default: prefix
The namespace data is freed and set to NULL, but there remain references
to the namespace declaration nodes. This (rightfully) confuses libxml2
because its invariants are broken. We also have to remove all remaining
references from the subtree. This fixes the data corruption bug.
Closes GH-12681.
show more ...
|
| #
6a76e5d0 |
| 17-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12702: libxml2 2.12.0 issue building from src
Fixes GH-12702.
Co-authored-by: nono303 <github@nono303.net>
|
| #
a7a6151c |
| 16-Nov-2023 |
Jakub Zelenka |
Fix bug #79945: Stream wrappers in imagecreatefrompng causes segfault
Closes GH-12696
|
| #
df2af7ff |
| 15-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12675: MEMORY_LEAK in phpdbg_prompt.c
Have to use file_put_contents() instead of --FILE-- because we have to
actually load it using the exec command, *and* have to make multiple
Fix GH-12675: MEMORY_LEAK in phpdbg_prompt.c
Have to use file_put_contents() instead of --FILE-- because we have to
actually load it using the exec command, *and* have to make multiple
files, and note that we can only load files relative from the current
directory, so we can't rely on files being in the sapi/phpdbg/tests
folder.
Closes GH-12680.
show more ...
|
| #
c376f994 |
| 12-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12655: proc_open() does not take into account references in the descriptor array
Closes GH-12658.
|
| #
e1c6a7c4 |
| 08-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12621: browscap segmentation fault when configured in the vhost
The temporary HashTable has a destructor that releases the string held
by the entry's value. However, browscap_inte
Fix GH-12621: browscap segmentation fault when configured in the vhost
The temporary HashTable has a destructor that releases the string held
by the entry's value. However, browscap_intern_str(_ci) only incremented
the refcount for the reference created by the return value. As the
HashTable is only used during parsing, we don't need to manage the
reference count of the value anyway, so get rid of the destructor.
This is triggerable in two cases:
- When using php_admin_value to set the ini at the activation stage
- When running out of space for the opcache-interned strings
Closes GH-12634.
show more ...
|
| #
6641cd15 |
| 11-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12635: Test bug69398.phpt fails with ICU 74.1
ICU 74.1 contains new locale data that breaks the test.
Split the test based on the version number to resolve the issue.
Clo
Fix GH-12635: Test bug69398.phpt fails with ICU 74.1
ICU 74.1 contains new locale data that breaks the test.
Split the test based on the version number to resolve the issue.
Closes GH-12653.
show more ...
|
| #
0b5824e1 |
| 14-Nov-2023 |
Remi Collet |
NEWS
|
| #
2a4775d6 |
| 09-Nov-2023 |
SakiTakamachi |
Fix GH-12633: sqlite3_defensive.phpt fails with sqlite 3.44.0
Removes 'PRAGMA writable_schema;'.
From sqlite changelog https://www.sqlite.org/releaselog/3_44_0.html:
> The SQLIT
Fix GH-12633: sqlite3_defensive.phpt fails with sqlite 3.44.0
Removes 'PRAGMA writable_schema;'.
From sqlite changelog https://www.sqlite.org/releaselog/3_44_0.html:
> The SQLITE_DBCONFIG_DEFENSIVE setting now prevents PRAGMA writable_schema
> from being turned on.
> Previously writable_schema could be turned on, but would not actually allow
> the schema to be writable. Now it simply cannot be turned on.
Closes GH-12636.
show more ...
|
| #
78fba9cb |
| 08-Nov-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12628: The gh11374 test fails on Alpinelinux
Closes GH-12636.
|
