PHP 8.3.21 has been officially released by Eric Mann, bringing numerous important fixes and enhancements to the language. This update specifically addresses a variety of critical issues, including security vulnerabilities, memory leaks, and bugs that could lead to application crashes.
1. Core Enhancements:
- Resolved a segmentation fault when modifying properties of a `DateInterval` object.
- Fixed memory leaks in the `php_scandir` function.
2. Filter Improvements:
- Addressed an integer overflow issue related to IPv6 filtering.
3. GD Library Updates:
- Fixed an overflow issue in the `imagecrop()` function.
- Resolved overflow and underflow bugs in the `imagettftext()` function concerning font size.
4. Internationalization (Intl):
- Improved reference support for the function `intltz_get_offset()`.
5. LDAP Enhancements:
- Fixed issues with overriding TLS options and addressed a null dereference for specific modification keys.
6. libxml Adjustments:
- Corrected an issue that caused a confusing TypeError when a custom external entity loader returned an invalid resource.
7. OpenSSL Fixes:
- Resolved memory leaks in the `openssl_sign()` function and addressed potential leaks during BIO writes.
8. PDO Firebird Improvements:
- Fixed persistent connection issues that resulted in heap corruption.
9. SPL (Standard PHP Library) Fixes:
- Corrected memory mismanagement in the `SplObjectStorage` debug handler.
10. Standard Library Bugs:
- Addressed crashes in `php_clear_stat_cache()`, a use-after-free vulnerability in the `extract()` function, and fixed issues with `fseek()` that could lead to negative stream positions.
11. Zip Library Updates:
- Resolved issues with handling empty options in `ZipArchive::addGlob()` and fixed a memory leak for overly long paths.
This release underscores the PHP team's commitment to maintaining the stability, security, and performance of the language. Users are encouraged to update to PHP 8.3.21 to benefit from these improvements and mitigate any potential risks associated with the identified vulnerabilities. Further updates and enhancements can be expected as the community continues to contribute to the language's evolution
Key Fixes in PHP 8.3.21:
1. Core Enhancements:
- Resolved a segmentation fault when modifying properties of a `DateInterval` object.
- Fixed memory leaks in the `php_scandir` function.
2. Filter Improvements:
- Addressed an integer overflow issue related to IPv6 filtering.
3. GD Library Updates:
- Fixed an overflow issue in the `imagecrop()` function.
- Resolved overflow and underflow bugs in the `imagettftext()` function concerning font size.
4. Internationalization (Intl):
- Improved reference support for the function `intltz_get_offset()`.
5. LDAP Enhancements:
- Fixed issues with overriding TLS options and addressed a null dereference for specific modification keys.
6. libxml Adjustments:
- Corrected an issue that caused a confusing TypeError when a custom external entity loader returned an invalid resource.
7. OpenSSL Fixes:
- Resolved memory leaks in the `openssl_sign()` function and addressed potential leaks during BIO writes.
8. PDO Firebird Improvements:
- Fixed persistent connection issues that resulted in heap corruption.
9. SPL (Standard PHP Library) Fixes:
- Corrected memory mismanagement in the `SplObjectStorage` debug handler.
10. Standard Library Bugs:
- Addressed crashes in `php_clear_stat_cache()`, a use-after-free vulnerability in the `extract()` function, and fixed issues with `fseek()` that could lead to negative stream positions.
11. Zip Library Updates:
- Resolved issues with handling empty options in `ZipArchive::addGlob()` and fixed a memory leak for overly long paths.
Conclusion
This release underscores the PHP team's commitment to maintaining the stability, security, and performance of the language. Users are encouraged to update to PHP 8.3.21 to benefit from these improvements and mitigate any potential risks associated with the identified vulnerabilities. Further updates and enhancements can be expected as the community continues to contribute to the language's evolution
PHP 8.3.21 released
Eric Mann has announced the release of PHP 8.3.21, which addresses multiple issues, including IPv6 filter integer overflow, GD overflow, LDAP overriding, libxml errors, OpenSSL memory leaks, PDO Firebird persistent connection problems, SPL memory mismanagement, standard bugs, and Zip-related issues. The updates address several issues, including crashes in php_clear_stat_cache() related to php8ts, a use-after-free vulnerability in extract(), problems with fseek using SEEK_CUR, a resource leak in iptcembed(), and Zip-related issues with uouv and memory leaks.
