PHP 7.1.27、7.2.16 和 7.3.3 发布

PHP 7.1.27、7.2.16 和 7.3.3 发布了。

Version 7.1.27

07 Mar 2019

• Core:
  • Fixed bug  #77630  (rename() across the device may allow unwanted access during processing).
• EXIF:
  • Fixed bug  #77509  (Uninitialized read in exif_process_IFD_in_TIFF).
  • Fixed bug  #77540  (Invalid Read on exif_process_SOFn).
  • Fixed bug  #77563  (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
  • Fixed bug  #77659  (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
• PHAR:
  • Fixed bug  #77396  (Null Pointer Dereference in phar_create_or_parse_filename).
  • Fixed bug  #77586  (phar_tar_writeheaders_int() buffer overflow).
• SPL:
  • Fixed bug  #77431  (openFile() silently truncates after a null byte).

Version 7.2.16

07 Mar 2019

• Core:
  • Fixed bug  #77589  (Core dump using parse_ini_string with numeric sections).
  • Fixed bug  #77630  (rename() across the device may allow unwanted access during processing).
• COM:
  • Fixed bug  #77621  (Already defined constants are not properly reported).
• EXIF:
  • Fixed bug  #77509  (Uninitialized read in exif_process_IFD_in_TIFF).
  • Fixed bug  #77540  (Invalid Read on exif_process_SOFn).
  • Fixed bug  #77563  (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
  • Fixed bug  #77659  (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
• PDO_OCI:
  • Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
• PHAR:
  • Fixed bug  #77396  (Null Pointer Dereference in phar_create_or_parse_filename).
• SPL:
  • Fixed bug  #51068  (DirectoryIterator glob:// don't support current path relative queries).
  • Fixed bug  #77431  (openFile() silently truncates after a null byte).
• Standard:
  • Fixed bug  #77552  (Unintialized php_stream_statbuf in stat functions).
• MySQL:
  • Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.

Version 7.3.3

07 Mar 2019

• Core:
  • Fixed bug  #77589  (Core dump using parse_ini_string with numeric sections).
  • Fixed bug  #77329  (Buffer Overflow via overly long Error Messages).
  • Fixed bug  #77494  (Disabling class causes segfault on member access).
  • Fixed bug  #77498  (Custom extension Segmentation fault when declare static property).
  • Fixed bug  #77530  (PHP crashes when parsing `(2)::class`).
  • Fixed bug  #77546  (iptcembed broken function).
  • Fixed bug  #77630  (rename() across the device may allow unwanted access during processing).
• COM:
  • Fixed bug  #77621  (Already defined constants are not properly reported).
  • Fixed bug  #77626  (Persistence confusion in php_com_import_typelib()).
• EXIF:
  • Fixed bug  #77509  (Uninitialized read in exif_process_IFD_in_TIFF).
  • Fixed bug  #77540  (Invalid Read on exif_process_SOFn).
  • Fixed bug  #77563  (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
  • Fixed bug  #77659  (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
• Mbstring:
  • Fixed bug  #77514  (mb_ereg_replace() with trailing backslash adds null byte).
• MySQL:
  • Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
• OpenSSL:
  • Fixed bug  #77390  (feof might hang on TLS streams in case of fragmented TLS records).
• PDO_OCI:
  • Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
• PHAR:
  • Fixed bug  #77396  (Null Pointer Dereference in phar_create_or_parse_filename).
  • Fixed bug  #77586  (phar_tar_writeheaders_int() buffer overflow).
• phpdbg:
  • Fixed bug  #76596  (phpdbg support for display_errors=stderr).
• SPL:
  • Fixed bug  #51068  (DirectoryIterator glob:// don't support current path relative queries).
  • Fixed bug  #77431  (openFile() silently truncates after a null byte).
• Standard:
  • Fixed bug  #77552  (Unintialized php_stream_statbuf in stat functions).
  • Fixed bug  #77612  (setcookie() sets incorrect SameSite header if all of its options filled).