Deprecated support for IBM i v7r2 due to openssl 1.1.1 deprecation by IBM. All IBM i >= v7r3 must use at least OSS base 7.3 to be able to install/upgrade.
Fixed
- Zend Server Z-Ray Database Queries failed to update placeholder value bindings in queries view when PDOStatement::bindValue() was called multiple times for the same placeholder.
- JQD excessive memory consumption when jobs failed in combination with redirects
- JQD crashes when running HTTPS jobs when Zend Server was used in cluster mode with MySQL database
- e-mail configuration testing
- Fixed e-mail notifications for Zend Server JobQueue events
- Monitor rules import, e-mail address export/import in monitoring rules
Added
- PHP directive max_multipart_body_parts in Zend Server GUI. Parameter has been added as PHP security fix
Changed
- Zend Server GUI, Plugins Gallery, change the plugin's package download url from static.zend.com to api-plugins.zend.com
Updated
PHP Extensions
- Linux
- memcached 3.2.0
- mongodb (php-specific) 1.19.1/1.16.2/1.11.1
- redis 6.0.2
- ssh2 1.4.1
- Windows
- imagick 3.7.0
- redis 6.0.2 (php >= 7.2) PHP and Zend Server dependency components
- Linux, IBM i (selected components only)
- lighttpd 1.4.76
- zlib 1.3.1
- libxml2 2.11.8
- libssh2 (where needed) 1.11.0
- openldap (selected distros only) 2.5.18
- freetype 2.13.2
- libimagic 6.9.13.11
- libsodium 1.0.20
- libzip 1.10.1
- xerces 3.2.5
- IBM i builds linked with OpenSSL 3.
- Windows
- httpd 2.4.62
- libzip 1.10.1
- curl 8.10.1
- imagemagick 7.1.0-18
Backported PHP CVE fixes
PHP 7.4.33.7 changes
CGI
- Fixed bug GHSA-p99j-rfp4-xqvq: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. (CVE-2024-8926)
- Fixed bug GHSA-94p6-54jq-9mwp: cgi.force_redirect configuration is bypassable due to the environment variable collision. (CVE-2024-8927)
FPM
- Fixed bug GHSA-865w-9rf3-2wh5: Logs from childrens may be altered. (CVE-2024-9026)
SAPI
- Fixed bug GHSA-9pqp-7h25-4f32: Erroneous parsing of multipart form data. (CVE-2024-8925)
PHP 7.3.33.12, 7.2.34.20, 7.1.33.24 changes
CGI
- Fixed bug GHSA-p99j-rfp4-xqvq: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. (CVE-2024-8926)
- Fixed bug GHSA-94p6-54jq-9mwp: cgi.force_redirect configuration is bypassable due to the environment variable collision. (CVE-2024-8927)
SAPI
- Fixed bug GHSA-9pqp-7h25-4f32: Erroneous parsing of multipart form data. (CVE-2024-8925)