PHP 8.3.31 has been released, featuring crucial security patches across various components like FPM, MBString, SOAP, and the Standard library, along with new brotli and zstd compression support for Curl on Windows. Server administrators are strongly advised to upgrade to this version immediately to prevent potential exploits related to cross-site scripting, SQL injection, and memory corruption. The update also addresses specific vulnerabilities, including OpenSSL 4.0 handshake issues and a null byte injection flaw in the Firebird PDO driver, enhancing overall security and performance. Overall, this release aims to maintain system integrity and performance, urging users to monitor their server logs post-update for any compatibility issues
PHP 8.3.31 released
PHP 8.3.31 lands today with a heavy dose of security patches across FPM, MBString, SOAP, and the Standard library, plus native brotli and zstd compression finally making its way to Curl on Windows. Server admins should install this immediately since leaving older versions running is basically handing attackers a free pass to exploit cross-site scripting, SQL injection, and memory corruption flaws. The update also patches up OpenSSL 4.0 handshake failures and seals a null byte injection hole in the Firebird PDO driver that could easily leak database records. Skipping this upgrade just guarantees you will spend your weekend debugging preventable crashes instead of actually shipping code.
