Contains only PHP and installer/packaging fixes/changes; no changes in Zend Server.
Backported PHP 7.1.33.21, 7.2.34.17, 7.3.33.9 CVE Fixes
- Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
- Phar: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in
phar_dir_read()
). (CVE-2023-3824)
Backported PHP 7.1.33.20, 7.2.34.16, 7.3.33.8 CVE Fixes
- Soap: Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)
Backported PHP 7.1.33.19, 7.2.34.15, 7.3.33.7 CVE Fixes
- Intl: Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
Windows
- Updated Apache v.2.4.57 in Zend Server Windows installation package