Skip to content

Commit b672403

Browse files
committed
Announce PHP 8.3.14
1 parent cd7ee29 commit b672403

File tree

6 files changed

+259
-6
lines changed

6 files changed

+259
-6
lines changed

ChangeLog-8.php

Lines changed: 179 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,185 @@
88
?>
99
<a id="PHP_8_3"></a>
1010

11+
<section class="version" id="8.3.14"><!-- {{{ 8.3.14 -->
12+
<h3>Version 8.3.14</h3>
13+
<b><?php release_date('21-Nov-2024'); ?></b>
14+
<ul><li>CLI:
15+
<ul>
16+
<li>Fixed bug <?php githubissuel('php/php-src', 16373); ?> (Shebang is not skipped for router script in cli-server started through shebang).</li>
17+
<li>Fixed bug <?php githubsecurityl('php/php-src', '4w77-75f9-2c8w'); ?> (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).</li>
18+
</ul></li>
19+
<li>COM:
20+
<ul>
21+
<li>Fixed out of bound writes to SafeArray data.</li>
22+
</ul></li>
23+
<li>Core:
24+
<ul>
25+
<li>Fixed bug <?php githubissuel('php/php-src', 16168); ?> (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).</li>
26+
<li>Fixed bug <?php githubissuel('php/php-src', 16371); ?> (Assertion failure in Zend/zend_weakrefs.c:646).</li>
27+
<li>Fixed bug <?php githubissuel('php/php-src', 16515); ?> (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).</li>
28+
<li>Fixed bug <?php githubissuel('php/php-src', 16509); ?> (Incorrect line number in function redeclaration error).</li>
29+
<li>Fixed bug <?php githubissuel('php/php-src', 16508); ?> (Incorrect line number in inheritance errors of delayed early bound classes).</li>
30+
<li>Fixed bug <?php githubissuel('php/php-src', 16648); ?> (Use-after-free during array sorting).</li>
31+
</ul></li>
32+
<li>Curl:
33+
<ul>
34+
<li>Fixed bug <?php githubissuel('php/php-src', 16302); ?> (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).</li>
35+
</ul></li>
36+
<li>Date:
37+
<ul>
38+
<li>Fixed bug <?php githubissuel('php/php-src', 16454); ?> (Unhandled INF in date_sunset() with tiny $utcOffset).</li>
39+
<li>Fixed bug <?php githubissuel('php/php-src', 14732); ?> (date_sun_info() fails for non-finite values).</li>
40+
</ul></li>
41+
<li>DBA:
42+
<ul>
43+
<li>Fixed bug <?php githubissuel('php/php-src', 16390); ?> (dba_open() can segfault for "pathless" streams).</li>
44+
</ul></li>
45+
<li>DOM:
46+
<ul>
47+
<li>Fixed bug <?php githubissuel('php/php-src', 16316); ?> (DOMXPath breaks when not initialized properly).</li>
48+
<li>Add missing hierarchy checks to replaceChild.</li>
49+
<li>Fixed bug <?php githubissuel('php/php-src', 16336); ?> (Attribute intern document mismanagement).</li>
50+
<li>Fixed bug <?php githubissuel('php/php-src', 16338); ?> (Null-dereference in ext/dom/node.c).</li>
51+
<li>Fixed bug <?php githubissuel('php/php-src', 16473); ?> (dom_import_simplexml stub is wrong).</li>
52+
<li>Fixed bug <?php githubissuel('php/php-src', 16533); ?> (Segfault when adding attribute to parent that is not an element).</li>
53+
<li>Fixed bug <?php githubissuel('php/php-src', 16535); ?> (UAF when using document as a child).</li>
54+
<li>Fixed bug <?php githubissuel('php/php-src', 16593); ?> (Assertion failure in DOM-&gt;replaceChild).</li>
55+
<li>Fixed bug <?php githubissuel('php/php-src', 16595); ?> (Another UAF in DOM -&gt; cloneNode).</li>
56+
</ul></li>
57+
<li>EXIF:
58+
<ul>
59+
<li>Fixed bug <?php githubissuel('php/php-src', 16409); ?> (Segfault in exif_thumbnail when not dealing with a real file).</li>
60+
</ul></li>
61+
<li>FFI:
62+
<ul>
63+
<li>Fixed bug <?php githubissuel('php/php-src', 16397); ?> (Segmentation fault when comparing FFI object).</li>
64+
</ul></li>
65+
<li>Filter:
66+
<ul>
67+
<li>Fixed bug <?php githubissuel('php/php-src', 16523); ?> (FILTER_FLAG_HOSTNAME accepts ending hyphen).</li>
68+
</ul></li>
69+
<li>FPM:
70+
<ul>
71+
<li>Fixed bug <?php githubissuel('php/php-src', 16628); ?> (FPM logs are getting corrupted with this log statement).</li>
72+
</ul></li>
73+
<li>GD:
74+
<ul>
75+
<li>Fixed bug <?php githubissuel('php/php-src', 16334); ?> (imageaffine overflow on matrix elements).</li>
76+
<li>Fixed bug <?php githubissuel('php/php-src', 16427); ?> (Unchecked libavif return values).</li>
77+
<li>Fixed bug <?php githubissuel('php/php-src', 16559); ?> (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).</li>
78+
</ul></li>
79+
<li>GMP:
80+
<ul>
81+
<li>Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).</li>
82+
<li>Fixed bug <?php githubissuel('php/php-src', 16411); ?> (gmp_export() can cause overflow).</li>
83+
<li>Fixed bug <?php githubissuel('php/php-src', 16501); ?> (gmp_random_bits() can cause overflow).</li>
84+
<li>Fixed gmp_pow() overflow bug with large base/exponents.</li>
85+
<li>Fixed segfaults and other issues related to operator overloading with GMP objects.</li>
86+
</ul></li>
87+
<li>LDAP:
88+
<ul>
89+
<li>Fixed bug <?php githubsecurityl('php/php-src', 'g665-fm4p-vhff'); ?> (OOB access in ldap_escape). (CVE-2024-8932)</li>
90+
</ul></li>
91+
<li>MBstring:
92+
<ul>
93+
<li>Fixed bug <?php githubissuel('php/php-src', 16361); ?> (mb_substr overflow on start/length arguments).</li>
94+
</ul></li>
95+
<li>MySQLnd:
96+
<ul>
97+
<li>Fixed bug <?php githubsecurityl('php/php-src', 'h35g-vwh6-m678'); ?> (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)</li>
98+
</ul></li>
99+
<li>Opcache:
100+
<ul>
101+
<li>Fixed bug <?php githubissuel('php/php-src', 16408); ?> (Array to string conversion warning emitted in optimizer).</li>
102+
</ul></li>
103+
<li>OpenSSL:
104+
<ul>
105+
<li>Fixed bug <?php githubissuel('php/php-src', 16357); ?> (openssl may modify member types of certificate arrays).</li>
106+
<li>Fixed bug <?php githubissuel('php/php-src', 16433); ?> (Large values for openssl_csr_sign() $days overflow).</li>
107+
<li>Fix various memory leaks on error conditions in openssl_x509_parse().</li>
108+
</ul></li>
109+
<li>PDO DBLIB:
110+
<ul>
111+
<li>Fixed bug <?php githubsecurityl('php/php-src', '5hqh-c84r-qjcv'); ?> (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)</li>
112+
</ul></li>
113+
<li>PDO Firebird:
114+
<ul>
115+
<li>Fixed bug <?php githubsecurityl('php/php-src', '5hqh-c84r-qjcv'); ?> (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)</li>
116+
</ul></li>
117+
<li>PDO ODBC:
118+
<ul>
119+
<li>Fixed bug <?php githubissuel('php/php-src', 16450); ?> (PDO_ODBC can inject garbage into field values).</li>
120+
</ul></li>
121+
<li>Phar:
122+
<ul>
123+
<li>Fixed bug <?php githubissuel('php/php-src', 16406); ?> (Assertion failure in ext/phar/phar.c:2808).</li>
124+
</ul></li>
125+
<li>PHPDBG:
126+
<ul>
127+
<li>Fixed bug <?php githubissuel('php/php-src', 16174); ?> (Empty string is an invalid expression for ev).</li>
128+
</ul></li>
129+
<li>Reflection:
130+
<ul>
131+
<li>Fixed bug <?php githubissuel('php/php-src', 16601); ?> (Memory leak in Reflection constructors).</li>
132+
</ul></li>
133+
<li>Session:
134+
<ul>
135+
<li>Fixed bug <?php githubissuel('php/php-src', 16385); ?> (Unexpected null returned by session_set_cookie_params).</li>
136+
<li>Fixed bug <?php githubissuel('php/php-src', 16290); ?> (overflow on cookie_lifetime ini value).</li>
137+
</ul></li>
138+
<li>SOAP:
139+
<ul>
140+
<li>Fixed bug <?php githubissuel('php/php-src', 16318); ?> (Recursive array segfaults soap encoding).</li>
141+
<li>Fixed bug <?php githubissuel('php/php-src', 16429); ?> (Segmentation fault access null pointer in SoapClient).</li>
142+
</ul></li>
143+
<li>Sockets:
144+
<ul>
145+
<li>Fixed bug with overflow socket_recvfrom $length argument.</li>
146+
</ul></li>
147+
<li>SPL:
148+
<ul>
149+
<li>Fixed bug <?php githubissuel('php/php-src', 16337); ?> (Use-after-free in SplHeap).</li>
150+
<li>Fixed bug <?php githubissuel('php/php-src', 16464); ?> (Use-after-free in SplDoublyLinkedList::offsetSet()).</li>
151+
<li>Fixed bug <?php githubissuel('php/php-src', 16479); ?> (Use-after-free in SplObjectStorage::setInfo()).</li>
152+
<li>Fixed bug <?php githubissuel('php/php-src', 16478); ?> (Use-after-free in SplFixedArray::unset()).</li>
153+
<li>Fixed bug <?php githubissuel('php/php-src', 16588); ?> (UAF in Observer-&gt;serialize).</li>
154+
<li>Fix <?php githubissuel('php/php-src', 16477); ?> (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor).</li>
155+
<li>Fixed bug <?php githubissuel('php/php-src', 16589); ?> (UAF in SplDoublyLinked-&gt;serialize()).</li>
156+
<li>Fixed bug <?php githubissuel('php/php-src', 14687); ?> (segfault on SplObjectIterator instance).</li>
157+
<li>Fixed bug <?php githubissuel('php/php-src', 16604); ?> (Memory leaks in SPL constructors).</li>
158+
<li>Fixed bug <?php githubissuel('php/php-src', 16646); ?> (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()).</li>
159+
</ul></li>
160+
<li>Standard:
161+
<ul>
162+
<li>Fixed bug <?php githubissuel('php/php-src', 16293); ?> (Failed assertion when throwing in assert() callback with bail enabled).</li>
163+
</ul></li>
164+
<li>Streams:
165+
<ul>
166+
<li>Fixed bug <?php githubsecurityl('php/php-src', 'c5f2-jwm7-mmq2'); ?> (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)</li>
167+
<li>Fixed bug <?php githubsecurityl('php/php-src', 'r977-prxv-hc43'); ?> (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)</li>
168+
</ul></li>
169+
<li>SysVMsg:
170+
<ul>
171+
<li>Fixed bug <?php githubissuel('php/php-src', 16592); ?> (msg_send() crashes when a type does not properly serialized).</li>
172+
</ul></li>
173+
<li>SysVShm:
174+
<ul>
175+
<li>Fixed bug <?php githubissuel('php/php-src', 16591); ?> (Assertion error in shm_put_var).</li>
176+
</ul></li>
177+
<li>XMLReader:
178+
<ul>
179+
<li>Fixed bug <?php githubissuel('php/php-src', 16292); ?> (Segmentation fault in ext/xmlreader/php_xmlreader.c).</li>
180+
</ul></li>
181+
<li>Zlib:
182+
<ul>
183+
<li>Fixed bug <?php githubissuel('php/php-src', 16326); ?> (Memory management is broken for bad dictionaries.) (cmb)</li>
184+
</ul></li>
185+
</ul>
186+
<!-- }}} --></section>
187+
188+
189+
11190
<section class="version" id="8.3.13"><!-- {{{ 8.3.13 -->
12191
<h3>Version 8.3.13</h3>
13192
<b><?php release_date('24-Oct-2024'); ?></b>

archive/archive.xml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
<uri>http://php.net/contact</uri>
1010
<email>[email protected]</email>
1111
</author>
12+
<xi:include href="entries/2024-11-21-2.xml"/>
1213
<xi:include href="entries/2024-11-21-1.xml"/>
1314
<xi:include href="entries/2024-11-07-1.xml"/>
1415
<xi:include href="entries/2024-10-24-3.xml"/>

archive/entries/2024-11-21-2.xml

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<entry xmlns="http://www.w3.org/2005/Atom">
3+
<title>PHP 8.3.14 Released!</title>
4+
<id>https://www.php.net/archive/2024.php#2024-11-21-2</id>
5+
<published>2024-11-21T04:17:35+00:00</published>
6+
<updated>2024-11-21T04:17:35+00:00</updated>
7+
<link href="https://www.php.net/index.php#2024-11-21-2" rel="alternate" type="text/html"/>
8+
<link href="https://www.php.net/archive/2024.php#2024-11-21-2" rel="via" type="text/html"/>
9+
<category term="releases" label="New PHP release"/>
10+
<category term="frontpage" label="PHP.net frontpage news"/>
11+
<content type="xhtml">
12+
<div xmlns="http://www.w3.org/1999/xhtml"><p>The PHP development team announces the immediate availability of PHP 8.3.14. This is a security release.</p>
13+
14+
<p>All PHP 8.3 users are encouraged to upgrade to this version.</p>
15+
16+
<p>For source downloads of PHP 8.3.14 please visit our <a href="https://www.php.net/downloads.php">downloads page</a>,
17+
Windows source and binaries can be found on <a href="https://windows.php.net/download/">windows.php.net/download/</a>.
18+
The list of changes is recorded in the <a href="https://www.php.net/ChangeLog-8.php#8.3.14">ChangeLog</a>.
19+
</p> </div>
20+
</content>
21+
</entry>

include/releases.inc

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,42 @@
22
$OLDRELEASES = array (
33
8 =>
44
array (
5+
'8.3.13' =>
6+
array (
7+
'announcement' =>
8+
array (
9+
'English' => '/releases/8_3_13.php',
10+
),
11+
'tags' =>
12+
array (
13+
),
14+
'date' => '24 Oct 2024',
15+
'source' =>
16+
array (
17+
0 =>
18+
array (
19+
'filename' => 'php-8.3.13.tar.gz',
20+
'name' => 'PHP 8.3.13 (tar.gz)',
21+
'sha256' => 'ffe34317d2688ed3161809c90ca4135c84ebfdfd12a46880a264d7d1e1d7739a',
22+
'date' => '24 Oct 2024',
23+
),
24+
1 =>
25+
array (
26+
'filename' => 'php-8.3.13.tar.bz2',
27+
'name' => 'PHP 8.3.13 (tar.bz2)',
28+
'sha256' => 'c7791c82e1a554ccaf84a40ba71cc1417ba9af67fb5b39780837fd7c7eb6f124',
29+
'date' => '24 Oct 2024',
30+
),
31+
2 =>
32+
array (
33+
'filename' => 'php-8.3.13.tar.xz',
34+
'name' => 'PHP 8.3.13 (tar.xz)',
35+
'sha256' => '89adb978cca209124fe53fd6327bc4966ca21213a7fa2e9504f854e340873018',
36+
'date' => '24 Oct 2024',
37+
),
38+
),
39+
'museum' => false,
40+
),
541
'8.2.25' =>
642
array (
743
'announcement' =>

include/version.inc

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -20,13 +20,13 @@ $RELEASES = (function () {
2020

2121
/* PHP 8.3 Release */
2222
$data['8.3'] = [
23-
'version' => '8.3.13',
24-
'date' => '24 Oct 2024',
25-
'tags' => [], // Set to ['security'] for security releases.
23+
'version' => '8.3.14',
24+
'date' => '21 Nov 2024',
25+
'tags' => ['security'], // Set to ['security'] for security releases.
2626
'sha256' => [
27-
'tar.gz' => 'ffe34317d2688ed3161809c90ca4135c84ebfdfd12a46880a264d7d1e1d7739a',
28-
'tar.bz2' => 'c7791c82e1a554ccaf84a40ba71cc1417ba9af67fb5b39780837fd7c7eb6f124',
29-
'tar.xz' => '89adb978cca209124fe53fd6327bc4966ca21213a7fa2e9504f854e340873018',
27+
'tar.gz' => 'e4ee602c31e2f701c9f0209a2902dd4802727431246a9155bf56dda7bcf7fb4a',
28+
'tar.bz2' => 'f56fa669ce4c01452a2921f40034d779d8c2b97d0749493ad4781813b9221cf8',
29+
'tar.xz' => '58b4cb9019bf70c0cbcdb814c7df79b9065059d14cf7dbf48d971f8e56ae9be7',
3030
]
3131
];
3232

releases/8_3_14.php

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
<?php
2+
$_SERVER['BASE_PAGE'] = 'releases/8_3_14.php';
3+
include_once __DIR__ . '/../include/prepend.inc';
4+
site_header('PHP 8.3.14 Release Announcement');
5+
?>
6+
<h1>PHP 8.3.14 Release Announcement</h1>
7+
8+
<p>The PHP development team announces the immediate availability of PHP 8.3.14. This is a security release.</p>
9+
10+
<p>All PHP 8.3 users are encouraged to upgrade to this version.</p>
11+
12+
<p>For source downloads of PHP 8.3.14 please visit our <a href="https://www.php.net/downloads.php">downloads page</a>,
13+
Windows source and binaries can be found on <a href="https://windows.php.net/download/">windows.php.net/download/</a>.
14+
The list of changes is recorded in the <a href="https://www.php.net/ChangeLog-8.php#8.3.14">ChangeLog</a>.
15+
</p>
16+
<?php site_footer();

0 commit comments

Comments
 (0)