April 2025Maintenance release, fixing CVE security issues for PHP.Backported PHP CVE fixesPHP version 7.4.33.10, 7.3.33.16, 7.2.34.24, 7.1.33.26 CVE fixesLibXMLFixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714)Fixed GHSA-p3x9-6h7p-cgfc: libxml streams use wrong content-type header when requesting a redirected resource. (CVE-2025-1219)StreamsFixed GHSA-hgf54-96fm-v528: Stream HTTP wrapper header check might omit basic auth header. (CVE-2025-1736)Fixed GHSA-52jp-hrpf-2jff: Stream HTTP wrapper truncates redirect location to 1024 bytes. (CVE-2025-1861)Fixed GHSA-pcmh-g36c-qc44: Streams HTTP wrapper does not fail for headers without colon. (CVE-2025-1734)Fixed GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers. (CVE-2025-1217)
