php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update NEWS with entries for security fixes

Browse Source
This commit is contained in:
Jakub Zelenka
2025-03-07 13:47:38 +01:00
parent 115a918790
commit 689c019f54
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
NEWS
View File

@@ -1,6 +1,6 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.4.5
13 Mar 2025, PHP 8.4.5
- BCMath:
. Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)
@@ -21,6 +21,8 @@ PHP NEWS
(DanielEScherzer)
. Fixed bug GH-17866 (zend_mm_heap corrupted error after upgrading from
8.4.3 to 8.4.4). (nielsdos)
. Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown
causes Use-After-Free). (CVE-2024-11235) (ilutov)
- DOM:
. Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of
@@ -49,6 +51,11 @@ PHP NEWS
. Fixed bug GH-17704 (ldap_search fails when $attributes contains a
non-packed array with numerical keys). (nielsdos, 7u83)
- LibXML:
. Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos)
. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header
when requesting a redirected resource). (CVE-2025-1219) (timwolla)
- MBString:
. Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
(cmb)
@@ -90,6 +97,14 @@ PHP NEWS
- Streams:
. Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
. Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
. Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
basic auth header). (CVE-2025-1736) (Jakub Zelenka)
. Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location
to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
. Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
without colon). (CVE-2025-1734) (Jakub Zelenka)
. Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
handle folded headers). (CVE-2025-1217) (Jakub Zelenka)
- Windows:
. Fixed phpize for Windows 11 (24H2). (Bob)