September 2024ZendPHP ChangesSupport ended for IBM i = V7R2PHP is now built with OpenSSL v3. OpenSSL 3 is available from IBM i v7r3 OpenSource base rpm repositories.NOTE FOR USERS ON IBM i : due to packaging issues by IBM, postgresql12-libpq package upgrade may not complete properly (missing symbolic links for libraries) and causes PHP postgreql extensions to not load. Fix: yum reinstall postgresql12-libpqCommunity CVE FixesPHP version 8.3.12, 8.2.24, 8.1.30 CVE fixesCGIFixed bug GHSA-p99j-rfp4-xqvq: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. (CVE-2024-8926)Fixed bug GHSA-94p6-54jq-9mwp: cgi.force_redirect configuration is bypassable due to the environment variable collision. (CVE-2024-8927)FPMFixed bug GHSA-865w-9rf3-2wh5: Logs from childrens may be altered. (CVE-2024-9026)SAPIFixed bug GHSA-9pqp-7h25-4f32: Erroneous parsing of multipart form data. (CVE-2024-8925)Backported PHP CVE FixesPHP version 7.2.34.20, 7.3.33.12, 7.4.33.7, 8.0.30.3 CVE fixesCGIFixed bug GHSA-p99j-rfp4-xqvq: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. (CVE-2024-8926)Fixed bug GHSA-94p6-54jq-9mwp: cgi.force_redirect configuration is bypassable due to the environment variable collision. (CVE-2024-8927)SAPIFixed bug GHSA-9pqp-7h25-4f32: Erroneous parsing of multipart form data. (CVE-2024-8925)PHP version 7.4.33.7, 8.0.30.3 CVE fixesFPMFixed bug GHSA-865w-9rf3-2wh5: Logs from childrens may be altered. (CVE-2024-9026)Community FixesPHP version 8.3.12 fixesCoreFixed bug GH-15408: MSan false-positve on zend_max_execution_timer.Fixed bug GH-15515: Configure error grep illegal option q.Fixed bug GH-15514: Configure error: genif.sh: syntax error.Fixed bug GH-15565: --disable-ipv6 during compilation produces error EAI_SYSTEM not found.Fixed bug GH-15587: CRC32 API build error on arm 32-bit.Fixed bug GH-15330: Do not scan generator frames more than once.Fixed uninitialized lineno in constant AST of internal enums.CurlFIxed bug GH-15547: curl_multi_select overflow on timeout argument.DOMFixed bug GH-15551: Segmentation fault (access null pointer) in ext/dom/xml_common.h.Fixed bug GH-15654: Signed integer overflow in ext/dom/nodelist.c.FileinfoFixed bug GH-15752: Incorrect error message for finfo_file with an empty filename argument.MySQLndFixed bug GH-15432: Heap corruption when querying a vector.OpcacheFixed bug GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c.Fixed bug GH-15658: Segmentation fault in Zend/zend_vm_execute.h.StandardFixed bug GH-15552: Signed integer overflow in ext/standard/scanf.c.StreamsFixed bug GH-15628: php_stream_memory_get_buffer() not zero-terminated.PHP version 8.2.24 fixesCoreFixed bug GH-15408: MSan false-positve on zend_max_execution_timer.Fixed bug GH-15515: Configure error grep illegal option q.Fixed bug GH-15514: Configure error: genif.sh: syntax error.Fixed bug GH-15565: --disable-ipv6 during compilation produces error EAI_SYSTEM not found.Fixed bug GH-15587: CRC32 API build error on arm 32-bit.Fixed bug GH-15330: Do not scan generator frames more than once.Fixed uninitialized lineno in constant AST of internal enums.CurlFIxed bug GH-15547: curl_multi_select overflow on timeout argument.DOMFixed bug GH-15551: Segmentation fault (access null pointer) in ext/dom/xml_common.h.FileinfoFixed bug GH-15752: Incorrect error message for finfo_file with an empty filename argument.MySQLndFixed bug GH-15432: Heap corruption when querying a vector.OpcacheFixed bug GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c.Fixed bug GH-15658: Segmentation fault in Zend/zend_vm_execute.h.SOAPFixed bug #73182: PHP SOAPClient does not support stream context HTTP headers in array form.StandardFixed bug GH-15552: Signed integer overflow in ext/standard/scanf.c.StreamsFixed bug GH-15628: php_stream_memory_get_buffer() not zero-terminated.
