Important Announcement: Critical Bug Fixes for Fedora 37 PHP 8.1.20
fedora
June 16, 2023
**PHP version 8.1.20** (08 Jun 2023) **Core:** * Fixed bug [GH-9068](https://github.com/php/php-src/issues/9068) (Conditional jump or move depends on uninitialised value(s))
Summary
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
**PHP version 8.1.20** (08 Jun 2023) **Core:** * Fixed bug
[GH-9068](https://github.com/php/php-src/issues/9068) (Conditional jump or move
depends on uninitialised value(s)). (nielsdos) * Fixed bug
[GH-11189](https://github.com/php/php-src/issues/11189) (Exceeding memory limit
in zend_hash_do_resize leaves the array in an invalid state). (Bob) * Fixed bug
[GH-11222](https://github.com/php/php-src/issues/11222) (foreach by-ref may jump
over keys during a rehash). (Bob) **Date:** * Fixed bug
[GH-11281](https://github.com/php/php-src/issues/11281) (DateTimeZone::getName()
does not include seconds in offset). (nielsdos) **Exif:** * Fixed bug
[GH-10834](https://github.com/php/php-src/issues/10834) (exif_read_data() cannot
read smaller stream wrapper chunk sizes). (nielsdos) **FPM:** * Fixed bug
[GH-10461](https://github.com/php/php-src/issues/10461) (PHP-FPM segfault due to
after free usage of child->ev_std(out|err)). (Jakub Zelenka) * Fixed bug
php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub
Zelenka) * Fixed memory leak for invalid primary script file handle. (Jakub
Zelenka) **Hash:** * Fixed bug [GH-11180](https://github.com/php/php-src/issues/11180) (hash_file() appears to be restricted to 3 arguments).
(nielsdos) **LibXML:** * Fixed bug [GH-11160](https://github.com/php/php-src/issues/11160) (Few tests failed building with new libxml 2.11.0). (nielsdos)
**Opcache:** * Fixed bug [GH-11134](https://github.com/php/php-src/issues/11134) (Incorrect match default branch optimization). (ilutov) *
Fixed too wide OR and AND range inference. (nielsdos) * Fixed bug
[GH-11245](https://github.com/php/php-src/issues/11245) (In some specific cases
SWITCH with one default statement will cause segfault). (nielsdos) **PGSQL:**
* Fixed parameter parsing of pg_lo_export(). (kocsismate) **Phar:** * Fixed
bug [GH-11099](https://github.com/php/php-src/issues/11099) (Generating phar.php
during cross-compile can't be done). (peter279k) **Soap:** * Fixed bug
[GHSA-76gg-c692-v2mw](https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw) (Missing error check and
insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos,
timwolla) * Fixed bug [GH-8426](https://github.com/php/php-src/issues/8426)
(make test fail while soap extension build). (nielsdos) **SPL:** * Fixed bug
[GH-11178](https://github.com/php/php-src/issues/11178) (Segmentation fault in
spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos) **Standard:** * Fixed
bug [GH-11138](https://github.com/php/php-src/issues/11138)
(move_uploaded_file() emits open_basedir warning for source file). (ilutov) *
Fixed bug [GH-11274](https://github.com/php/php-src/issues/11274) (POST/PATCH
request switches to GET after a HTTP 308 redirect). (nielsdos) **Streams:** *
Fixed bug [GH-10031](https://github.com/php/php-src/issues/10031) ([Stream]
STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).
(nielsdos) * Fixed bug [GH-11175](https://github.com/php/php-src/issues/11175)
(Stream Socket Timeout). (nielsdos) * Fixed bug
[GH-11177](https://github.com/php/php-src/issues/11177) (ASAN
UndefinedBehaviorSanitizer when timeout = -1 passed to
stream_socket_accept/stream_socket_client). (nielsdos)
* Wed Jun 7 2023 Remi Collet
- Update to 8.1.20 - https://www.php.net/releases/8_1_20.php
su -c 'dnf upgrade --advisory FEDORA-2023-2b7eeaaee5' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it:
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Product: Fedora 37
Version: 8.1.20
Release: 1.fc37
URL: https://www.php.net/
Summary: PHP scripting language for creating dynamic web sites
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!