PHP 7.4.15, 7.3.27 and 8.0.2 released!

The PHP development team have just announced today the immediate availability of three PHP versions 7.4.15, 7.3.27 and 8.0.2 : Two security releases and one bugfix release.

Changes in the PHP 7.4.15 release include :

• Core:
  • Fixed bug #80523 (bogus parse error on >4GB source code).
  • Fixed bug #80384 (filter buffers entire read until file closed).
• Curl:
  • Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
• Date:
  • Fixed bug #80376 (last day of the month causes runway cpu usage.
• MySQLi:
  • Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
  • Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
  • Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
  • Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
• Phar:
  • Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
  • Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
• SOAP:
  • Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)

Changes in the PHP 7.3.27 include :

SOAP:

• Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)

And finally changes in the PHP 8.0.2 include :

• Core:
  • Fixed bug #80523 (bogus parse error on >4GB source code).
  • Fixed bug #80384 (filter buffers entire read until file closed).
  • Fixed bug #80596 (Invalid union type TypeError in anonymous classes).
  • Fixed bug #80617 (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).
• BCMath:
  • Fixed bug #80545 (bcadd(‘a’, ‘a’) doesn’t throw an exception).
• Curl:
  • Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
• Date:
  • Fixed bug #80376 (last day of the month causes runway cpu usage).
• DOM:
  • Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode stub).
• Filter:
  • Fixed bug #80584 (0x and 0X are considered valid hex numbers by filter_var()).
• GMP:
  • Fixed bug #80560 (Strings containing only a base prefix return 0 object).
• Intl:
  • Fixed bug #80644 (Missing resource causes subsequent get() calls to fail).
• MySQLi:
  • Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
  • Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
  • Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
  • Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
• ODBC:
  • Fixed bug #80592 (all floats are the same in ODBC parameters).
• Opcache:
  • Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT).
• PDO_Firebird:
  • Fixed bug #80521 (Parameters with underscores no longer recognized).
• Phar:
  • Fixed bug #76929 (zip-based phar does not respect phar.require_hash).
  • Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
  • Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
• Phpdbg:
  • Reverted fix for bug #76813 (Access violation near NULL on source operand).
• SOAP:
  • Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)

Overall more than 20 bugs fixed in the PHP 8.0.2 and 7.4.15. The 7.3.27 received just one security bugfix related to SoapClient. You are encouraged to upgrade your PHP version to the latest available one.

More information at https://www.php.net/