Software 42837 Published by

The following new versions of PHP are available: PHP 7.4.9, 7.3.21, and 7.2.33.





PHP 7.4.9

- Apache:
. Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). (Herbert256)

- COM:
. Fixed bug #63208 (BSTR to PHP string conversion not binary safe). (cmb)
. Fixed bug #63527 (DCOM does not work with Username, Password parameter). (cmb)

- Core:
. Fixed bug #79740 (serialize() and unserialize() methods can not be called statically). (Nikita)
. Fixed bug #79783 (Segfault in php_str_replace_common). (Nikita)
. Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable). (Nikita)
. Fixed bug #79779 (Assertion failure when assigning property of string offset by reference). (Nikita)
. Fixed bug #79792 (HT iterators not removed if empty array is destroyed). (Nikita)
. Fixed bug #78598 (Changing array during undef index RW error segfaults). (Nikita)
. Fixed bug #79784 (Use after free if changing array during undef var during array write fetch). (Nikita)
. Fixed bug #79793 (Use after free if string used in undefined index warning is changed). (Nikita)
. Fixed bug #79862 (Public non-static property in child should take priority over private static). (Nikita)
. Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)

- Fileinfo:
. Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb)

- FTP:
. Fixed bug #55857 (ftp_size on large files). (cmb)

- Mbstring:
. Fixed bug #79787 (mb_strimwidth does not trim string). (XXiang)

- Phar:
. Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068) (cmb)

- Reflection:
. Fixed bug #79487 (::getStaticProperties() ignores property modifications). (cmb, Nikita)
. Fixed bug #69804 (::getStaticPropertyValue() throws on protected props). (cmb, Nikita)
. Fixed bug #79820 (Use after free when type duplicated into ReflectionProperty gets resolved). (Christopher Broadbent)

- Standard:
. Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
. Fixed bug #78008 (dns_check_record() always return true on Alpine). (Andy Postnikov)
. Fixed bug #79839 (array_walk() does not respect property types). (Nikita)

Download PHP 7.4.9 from GitHub

PHP 7.3.21

- Apache:
. Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). (Herbert256)

- Core:
. Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
. Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable). (Nikita)
. Fixed bug #79792 (HT iterators not removed if empty array is destroyed). (Nikita)

- COM:
. Fixed bug #63208 (BSTR to PHP string conversion not binary safe). (cmb)
. Fixed bug #63527 (DCOM does not work with Username, Password parameter). (cmb)

- Curl:
. Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties). (Nikita)

- Fileinfo:
. Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb)

- FTP:
. Fixed bug #55857 (ftp_size on large files). (cmb)

- Mbstring:
. Fixed bug #79787 (mb_strimwidth does not trim string). (XXiang)

- Phar:
. Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068) (cmb)

- Standard:
. Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
. Fixed bug #79817 (str_replace() does not handle INDIRECT elements). (Nikita)
. Fixed bug #78008 (dns_check_record() always return true on Alpine). (Andy Postnikov)

Download PHP 7.3.21 from GitHub

PHP 7.2.33

- Core:
. Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)

- Phar:
. Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068) (cmb)

Php73

Download PHP 7.2.33 from GitHub