The following new PHP versions are available: PHP 7.4.5, 7.3.17, 7.2.30, and 5.6.40-12.

PHP 7.4.5

16 Apr 2020, PHP 7.4.5

- Core:
  . Fixed bug #79364 (When copy empty array, next key is unspecified). (cmb)
  . Fixed bug #78210 (Invalid pointer address). (cmb, Nikita)

- CURL:
  . Fixed bug #79199 (curl_copy_handle() memory leak). (cmb)

- Date:
  . Fixed bug #79396 (DateTime hour incorrect during DST jump forward). (Nate
    Brunette)
  . Fixed bug #74940 (DateTimeZone loose comparison always true). (cmb)

- FPM:
  . Implement request #77062 (Allow numeric [UG]ID in FPM listen.{owner,group})
    (Andre Nathan)

- Iconv:
  . Fixed bug #79200 (Some iconv functions cut Windows-1258). (cmb)

- OPcache:
  . Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
    (Dmitry)

- Session:
  . Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)

- Shmop:
  . Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)

- SimpleXML:
  . Fixed bug #61597 (SXE properties may lack attributes and content). (cmb)

- SOAP:
  . Fixed bug #79357 (SOAP request segfaults when any request parameter is
    missing). (Nikita)

- Spl:
  . Fixed bug #75673 (SplStack::unserialize() behavior). (cmb)
  . Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
    (cmb)

- Standard:
  . Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
  . Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes
    without newline). (Christian Schneider)
  . Fixed bug #79465 (OOB Read in urldecode()). (stas)


- Zip:
  . Fixed Bug #79296 (ZipArchive::open fails on empty file). (Remi)
  . Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
    (Max Rees)

PHP 7.3.17

16 Apr 2020, PHP 7.3.17

- Core:
  . Fixed bug #79364 (When copy empty array, next key is unspecified). (cmb)
  . Fixed bug #78210 (Invalid pointer address). (cmb, Nikita)

- CURL:
  . Fixed bug #79199 (curl_copy_handle() memory leak). (cmb)

- Date:
  . Fixed bug #79396 (DateTime hour incorrect during DST jump forward). (Nate
    Brunette)

- Iconv:
  . Fixed bug #79200 (Some iconv functions cut Windows-1258). (cmb)

- OPcache:
  . Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
    (Dmitry)

- Session:
  . Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)

- Shmop:
  . Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)

- SimpleXML:
  . Fixed bug #61597 (SXE properties may lack attributes and content). (cmb)

- Spl:
  . Fixed bug #75673 (SplStack::unserialize() behavior). (cmb)
  . Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
    (cmb)

- Standard:
  . Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
  . Fixed bug #79465 (OOB Read in urldecode()). (stas)
  . Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes
    without newline). (Christian Schneider)

- Zip:
  . Fixed Bug #79296 (ZipArchive::open fails on empty file). (Remi)
  . Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
    (Max Rees)

PHP 7.2.30

16 Apr 2020, PHP 7.2.30

- Standard:
  . Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter
    appended). (dinosaur)
  . Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
  . Fixed bug #79465 (OOB Read in urldecode()). (stas)

PHP 5.6.40-12

Backported from 7.2.30

- Standard:
  . Fixed bug #79330 (shell_exec silently truncates after a null byte). (stas)
  . Fixed bug #79465 (OOB Read in urldecode). (CVE-2020-7067) (stas)