This is the list of bugfixes, found in minor versions of PHP that may impact your code.
Title | 7.3 | 7.2 | 7.1 | 7.0 | php-src | Bugs | CVE |
---|---|---|---|---|---|---|---|
Opcache causes incorrect "undefined variable" errors | - | 7.1.18 | 7.1.18 | 7.1.18 | - | #76281 | - |
DateTime::diff gives wrong diff when the actual diff is less than 1 second | - | 7.2.14 | - | - | - | #77097 | - |
Issue with re-binding on SQLite3 | - | 7.2.14 | - | - | - | #77051 | - |
Year component overflow with date formats "c", "o", "r" and "y" | - | 7.2.12 | 7.1.24 | - | - | #75851 | - |
U_ARGUMENT_TYPE_MISMATCH | - | 7.2.12 | 7.1.24 | - | - | #76942 | - |
tidy::getOptDoc() not available on Windows | - | 7.2.12 | 7.1.24 | - | - | #77027 | - |
fractions in `diff()` are not correctly normalized | - | 7.2.12 | - | - | - | #77007 | - |
ReflectionFunction::invoke does not invoke closure with object scope | - | 7.2.12 | - | - | - | #66430 | - |
Wrong exception being thrown when using ReflectionMethod | - | 7.2.11 | 7.1.23 | - | - | #74454 | - |
Memory leak when fetching a BLOB field | - | 7.2.9 | - | - | - | #76488 | - |
Possible Memory Leak using PDO::CURSOR_SCROLL option | - | 7.2.9 | - | - | - | #75402 | - |
Segmentation fault when using `output_add_rewrite_var` | - | 7.2.9 | - | - | - | #76643 | - |
ZipArchive memory leak (OVERWRITE flag and empty archive) | - | 7.2.9 | - | - | - | #76524 | - |
NoRewindIterator segfault 11 | - | 7.2.7 | - | - | - | #76367 | - |
Intl compilation fails with icu4c 61.1 | - | 7.2.5 | - | - | - | #76153 | - |
mbstring does not build with Oniguruma 6.8.1 | - | 7.2.5 | - | - | - | #76113 | - |
Access violation when using opcache | - | 7.2.5 | - | - | - | #76094 | - |
wrong unicode mapping in some charsets | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #62545 | - |
Assertion failure in live range DCE due to block pass misoptimization | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #75969 | - |
Segmentation fault in buildFromIterator when directory name contains a \n | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #76085 | - |
Timezone gets truncated when formatted | - | 7.2.3 | 7.1.15 | - | - | #75857 | - |
Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null` | - | 7.2.3 | 7.1.15 | - | - | #75928 | - |
deal with leading slash while adding files correctly | - | 7.2.3 | 7.1.15 | - | - | #65414 | - |
strange behavior of AppendIterator | - | 7.2.3 | 7.1.15 | - | - | #74519 | - |
Phar::extractTo() does not accept specific directories to be extracted | - | 7.2.3 | - | - | - | #54289 | - |
opcache segfault when installing Bitrix | - | 7.2.3 | - | - | - | #75729 | - |
SoapClient generates E_ERROR even if exceptions=1 is used | - | 7.2.2 | 7.1.14 | - | - | #70469 | - |
RecursiveArrayIterator does not traverse arrays by reference | - | 7.2.2 | 7.1.14 | - | - | #75717 | - |
RecursiveArrayIterator doesn't have constants from parent class | - | 7.2.2 | 7.1.14 | - | - | #75242 | - |
RecursiveArrayIterator does not iterate object properties | - | 7.2.2 | 7.1.14 | - | - | #73209 | - |
Using @ crashes php7.2-fpm | - | 7.2.2 | - | - | - | #75698 | - |
remove file name from output to avoid XSS | - | 7.2.1 | 7.1.13 | - | - | #74782 | - |
Segfault with libzip 1.3.1 | - | 7.2.1 | 7.1.13 | - | - | #75540 | - |
Invalid opcode 138/1/1 | - | 7.2.1 | - | - | - | #75556 | - |
MessageFormatter::formatMessage memory corruption with 11+ named placeholders | - | - | 7.1.22 | - | - | #74484 | - |
RegexIterator pregFlags are NULL instead of 0 | - | - | 7.1.22 | - | - | #68175 | - |
Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option | - | - | 7.1.22 | - | - | #65988 | - |
Undefined property: DateInterval::$f | - | - | 7.1.20 | - | - | #76462 | - |
Integer Underflow when unserializing GMP and possible other classes | - | - | 7.1.20 | - | - | #74670 | - |
PHP crashes with core dump when throwing exception in error handler | - | - | 7.1.20 | - | - | #76536 | - |
ReflectionProperty#getValue() incorrectly works with inherited classes | - | - | 7.1.20 | - | - | #75231 | - |
self keyword leads to incorrectly generated TypeError when in closure in trait | - | - | 7.1.14 | - | - | #75079 | - |
Enchant still reports version 1.1.0 | - | - | 7.1.12 | 7.0.26 | - | #75365 | - |
Exif extension has built in revision version | - | - | 7.1.12 | 7.0.26 | - | #75301 | - |
UConverter::setDestinationEncoding changes source instead of destination | - | - | 7.1.12 | 7.0.26 | - | #75317 | - |
debug info of Closures of internal functions contain garbage argument names | - | - | 7.1.11 | 7.0.25 | - | #75290 | - |
error: 'zend_hash_key' has no member named 'arKey' in apache2handler | - | - | 7.1.11 | 7.0.25 | - | #75311 | - |
The parameter of UConverter::getAliases() is not optional | - | - | 7.1.11 | 7.0.25 | - | #75318 | - |
arcfour encryption stream filter crashes php | - | - | 7.1.11 | 7.0.25 | - | #72535 | - |
applied upstream patch for CVE-2016-1283 | - | - | 7.1.11 | 7.0.25 | - | #75207 | - |
SplDoublyLinkedList::setIteratorMode masks intern flags | - | - | 7.1.11 | 7.0.25 | - | #73629 | - |
Data corruption when reading fields of bit type | - | - | 7.1.11 | - | - | #75018 | - |
Request hangs and not finish | - | - | 7.1.11 | - | - | #75255 | - |
Type 'bit' is fetched as unexpected string | - | - | 7.1.11 | - | - | #75177 | - |
BC math handles minus zero incorrectly | - | - | 7.1.10 | 7.0.24 | - | #46781 | - |
libgd/gd_interpolation.c:1786: suspicious if ? | - | - | 7.1.10 | 7.0.24 | - | #75139 | - |
incorrect behavior of AppendIterator::append in foreach loop | - | - | 7.1.10 | 7.0.24 | - | #75173 | - |
AppendIterator::append() is broken when appending another AppendIterator | - | - | 7.1.10 | - | - | #75155 | - |
Fixed finding CURL on systems with multiarch support | - | - | 7.1.9 | 7.0.23 | - | #74125 | - |
include_path has a 4096 char limit in some cases | - | - | 7.1.9 | 7.0.23 | - | #74991 | - |
null pointer dereference in _function_string | - | - | 7.1.9 | 7.0.23 | - | #74949 | - |
Unserialize ArrayIterator broken | - | - | 7.1.9 | 7.0.23 | - | #74669 | - |
Crash in recursive iterator destructors | - | - | 7.1.9 | 7.0.23 | - | #75015 | - |
Main CWD initialized with wrong codepage | - | - | 7.1.9 | - | - | #75063 | - |
Url Rewriting (trans_sid) not working on urls that start with "#" | - | - | 7.1.9 | - | - | #74892 | - |
Appending AppendIterator leads to segfault | - | - | 7.1.9 | - | - | #74977 | - |
References to deleted XPath query results | - | - | 7.1.7 | 7.0.21 | - | #69373 | - |
Stack Buffer Overflow in msgfmt_parse_message | - | - | 7.1.7 | 7.0.21 | - | #73473 | - |
Wrong reflection on Collator::getSortKey and collator_get_sort_key | - | - | 7.1.7 | 7.0.21 | - | #74705 | - |
Segfault with opcache.memory_protect and validate_timestamp | - | - | 7.1.7 | 7.0.21 | - | #74663 | - |
Segfault when cast Reflection object to string with undefined constant | - | - | 7.1.7 | 7.0.21 | - | #74673 | - |
null coalescing operator failing with SplFixedArray | - | - | 7.1.7 | 7.0.21 | - | #74478 | - |
ftp:// wrapper ignores context arg | - | - | 7.1.7 | 7.0.21 | - | #74598 | - |
Phar::__construct reflection incorrect | - | - | 7.1.7 | 7.0.21 | - | #74386 | - |
Incorrect conversion array with WSDL_CACHE_MEMORY | - | - | 7.1.7 | 7.0.21 | - | #74679 | - |
implement clone for DatePeriod and DateInterval | - | - | 7.1.7 | - | - | #74639 | - |
PharData always creates new files with mode 0666 | - | - | - | 7.0.33 | - | #77022 | - |
Heap Buffer Overflow (READ: 4) in phar_parse_pharfile | - | - | - | 7.0.33 | - | #77143 | - |
Null Pointer Dereference in timelib_time_clone | - | - | - | 7.0.23 | - | #75002 | - |
grapheme_strpos illegal memory access | - | - | - | 7.0.21 | - | #73634 | - |
Invalid Reflection signatures for random_bytes and random_int | - | - | - | 7.0.21 | - | #74708 | - |
Heap buffer overflow in substr | - | - | - | 7.0.21 | - | #73648 | - |
PDO MySQL segfaults with persistent connection | 7.3.2 | - | - | - | - | #77289 | - |
Segmentation Fault when executing method with an empty parameter | 7.3.2 | - | - | - | - | #77410 | - |
wrong reflection on Collator::sortWithSortKeys | - | - | 7.1.6 | 7.0.20 | - | #74468 | - |
mysqli::change_user() doesn't accept null as $database argument w/strict_types | - | - | 7.1.6 | 7.0.20 | - | #74547 | - |
SIGSEGV with opcache.revalidate_path enabled | - | - | 7.1.6 | 7.0.20 | - | #74596 | - |
Phar::webPhar() does not handle requests sent through PUT and DELETE method | - | - | 7.1.6 | 7.0.20 | - | #51918 | - |
Wrong reflection on XMLReader::expand | - | - | 7.1.6 | 7.0.20 | - | #74457 | - |
__DIR__ wrong for unicode character | - | - | 7.1.6 | - | - | #74589 | - |
Wrong reflection on DOMNode::cloneNode | - | - | 7.1.5 | 7.0.19 | - | #74416 | - |
phar method parameters reflection correction | - | - | 7.1.5 | 7.0.19 | - | #74383 | - |
multiple catch freezes in some cases | - | - | 7.1.5 | - | - | #74444 | - |
Intl does not support DateTimeImmutable | - | - | 7.1.5 | - | - | #65683 | - |
IntlDateFormatter->format() doesn't return microseconds/fractions | - | - | 7.1.5 | - | - | #74298 | - |
Segmentation error while running a script in CLI mode | - | - | 7.1.5 | - | - | #74456 | - |
foreach infinite loop | - | - | 7.1.5 | - | - | #74431 | - |
Opcached version produces a nested array | - | - | 7.1.5 | - | - | #74442 | - |
yield fromLABEL is over-greedy | - | - | 7.1.4 | 7.0.18 | - | #74302 | - |
NAN check fails on Alpine Linux with musl | - | - | 7.1.3 | 7.0.17 | - | #73954 | - |
Segfault with nested generators | - | - | 7.1.3 | - | - | #74157 | - |
incorrect reflection for SQLite3::enableExceptions | - | - | - | 7.0.19 | - | #74413 | - |
DateTime wrong when date string is negative | - | - | - | 7.0.17 | - | #73294 | - |
wrong timestamp when call setTimeZone multi times with UTC offset | - | - | - | 7.0.17 | - | #73489 | - |
$date->modify('Friday this week') doesn't return a Friday if $date is a Sunday | - | - | - | 7.0.17 | - | #73942 | - |
Cannot fetch multiple values with group in ini file | - | - | - | 7.0.11 | - | #70825 | - |
Cannot upload file using ftp_put to FTPES with require_ssl_reuse | - | - | - | 7.0.11 | - | #70195 | - |
microtime() leaks memory | - | - | - | 7.0.10 | - | #72024 | - |
implode() inserts garbage into resulting string when joins very big integer | - | - | - | 7.0.7 | - | #72100 | - |
Including a file with anonymous classes multiple times leads to fatal error | - | - | - | 7.0.7 | - | #72014 | - |
yield from does not count EOLs | - | - | - | 7.0.5 | - | #71724 | - |
Buffer over-write in finfo_open with malformed magic file | - | - | - | 7.0.5 | - | #71527 | CVE-2015-8865 |
PharData fails to open specific file | - | - | - | 7.0.5 | - | #71317 | - |
Variable references on array elements don't work when using count | - | - | - | 7.0.4 | - | #71529 | - |
Built-in HTTP server, we can download file in web by bug | - | - | - | 7.0.4 | - | #71559 | - |
finfo throws notice for specific python file | - | - | - | 7.0.4 | - | #71434 | - |
An integer overflow bug in php_implode() could lead heap overflow, make crashes | - | - | - | 7.0.4 | - | #71449 | - |
exec functions ignore length but look for NULL termination | - | - | - | 7.0.3 | - | #71039 | - |
Upgraded bundled PCRE library to 8.38. | - | - | - | 7.0.3 | - | # | CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394 |
pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL | - | - | - | 7.0.0 | - | #60509 | - |
Allow "dirname" to go up various times | - | - | - | 7.0.0 | - | #70112 | - |
exec does not strip all whitespace | - | - | - | 7.0.0 | - | #70018 | - |