PHP 8.2.29 has been released, addressing critical vulnerabilities and issues within the PGSQL, SOAP, and Standard extensions. This update resolves specific security concerns, including a NULL pointer dereference and problems related to NULL byte termination in hostnames. The release includes fixes for the following vulnerabilities:
- PGSQL Extension: A fix for the issue identified as GHSA-hrwm-9436-5mv3, which pertains to the failure of the pgsql extension to check for errors during data escaping. This vulnerability is also linked to CVE-2025-1735 and was addressed by Jakub Zelenka.
- SOAP Extension: The update resolves the issue GHSA-453j-q27h-5p8x, which involves a NULL pointer dereference that could be triggered by a large XML namespace prefix. This vulnerability is associated with CVE-2025-6491 and was fixed by Lekssays and nielsdos.
- Standard Extension: The release fixes the vulnerability GHSA-3cr5-j632-f35r, which concerns NULL byte termination in hostnames. This issue is linked to CVE-2025-1220 and was also addressed by Jakub Zelenka.
Overall, PHP 8.2.29 enhances the security and stability of the language, making it imperative for developers to update to this latest version to mitigate potential risks associated with these vulnerabilities. As PHP continues to evolve, users are encouraged to stay informed about updates and best practices for maintaining secure and efficient applications
- PGSQL Extension: A fix for the issue identified as GHSA-hrwm-9436-5mv3, which pertains to the failure of the pgsql extension to check for errors during data escaping. This vulnerability is also linked to CVE-2025-1735 and was addressed by Jakub Zelenka.
- SOAP Extension: The update resolves the issue GHSA-453j-q27h-5p8x, which involves a NULL pointer dereference that could be triggered by a large XML namespace prefix. This vulnerability is associated with CVE-2025-6491 and was fixed by Lekssays and nielsdos.
- Standard Extension: The release fixes the vulnerability GHSA-3cr5-j632-f35r, which concerns NULL byte termination in hostnames. This issue is linked to CVE-2025-1220 and was also addressed by Jakub Zelenka.
Overall, PHP 8.2.29 enhances the security and stability of the language, making it imperative for developers to update to this latest version to mitigate potential risks associated with these vulnerabilities. As PHP continues to evolve, users are encouraged to stay informed about updates and best practices for maintaining secure and efficient applications
PHP 8.2.29 released
PHP 8.2.29 resolves issues related to PGSQL, SOAP, and Standard, including GHSA-hrwm-9436-5mv3, GHSA-453j-q27h-5p8x, and GHSA-3cr5-j632-f35r. This update addresses issues such as NULL pointer dereference, NULL byte termination in hostnames, and CVE-2025-1220.
