PHP 8.0.8与PHP 7.4.21发布,均为安全更新 建议升级

目前PHP的主流版本是PHP 8与PHP 7.4,近日官方发布了PHP 8.0.8与PHP 7.4.21更新,此次更新均为安全更新,并鼓励所有 PHP 8与PHP 7.4 用户升级到新版本。站长帮第一时间进行了升级,目前版本为PHP 7.4.21。

PHP Version 7.4.21 ChangeLog

  • 内核:
    • 修复BUG #81068 (Double free in realpath_cache_clean()).
    • 修复BUG #76359 (open_basedir bypass through adding “..”).
    • 修复BUG #81090 (Typed property performance degradation with .= operator).
    • 修复BUG #81070 (Integer underflow in memory limit comparison).
    • 修复BUG #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
  • Bzip2:
    • 修复BUG #81092 (fflush before stream_filter_remove corrupts stream).
  • OpenSSL:
    • 修复BUG #76694 (native Windows cert verification uses CN as sever name).
  • PDO_Firebird:
    • 修复BUG #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
    • 修复BUG #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
    • 修复BUG #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
    • 修复BUG #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
  • 标准:
    • 修复BUG #81048 (phpinfo(INFO_VARIABLES) “Array to string conversion”).

PHP Version 8.0.8 ChangeLog

  • 内核:
    • 修复BUG #81076 (incorrect debug info on Closures with implicit binds).
    • 修复BUG #81068 (Double free in realpath_cache_clean()).
    • 修复BUG #76359 (open_basedir bypass through adding “..”).
    • 修复BUG #81090 (Typed property performance degradation with .= operator).
    • 修复BUG #81070 (Integer underflow in memory limit comparison).
    • 修复BUG #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
  • Bzip2:
    • 修复BUG #81092 (fflush before stream_filter_remove corrupts stream).
  • Fileinfo:
    • 修复BUG #80197 (implicit declaration of function ‘magic_stream’ is invalid).
  • GMP:
    • 修复BUG #81119 (GMP operators throw errors with wrong parameter names).
  • OCI8:
    • 修复BUG #81088 (error in regression test for oci_fetch_object() and oci_fetch_array()).
  • Opcache:
    • 修复BUG #81051 (Broken property type handling after incrementing reference).
    • 修复BUG #80968 (JIT segfault with return from required file).
  • OpenSSL:
    • 修复BUG #76694 (native Windows cert verification uses CN as sever name).
  • MySQLnd:
    • 修复BUG #80761 (PDO uses too much memory).
  • PDO_Firebird:
    • 修复BUG #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
    • 修复BUG #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
    • 修复BUG #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
    • 修复BUG #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
  • readline:
    • 修复BUG #72998 (invalid read in readline completion).
  • 标准:
    • 修复BUG #81048 (phpinfo(INFO_VARIABLES) “Array to string conversion”).
    • 修复BUG #77627 (method_exists on Closure::__invoke inconsistency).
  • Windows:
    • 修复BUG #81120 (PGO data for main PHP DLL are not used).

发表评论