11PHP NEWS
22|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3- ?? ??? ???? , PHP 8.4.5
3+ 13 Mar 2025 , PHP 8.4.5
44
55- BCMath:
66 . Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)
@@ -21,6 +21,8 @@ PHP NEWS
2121 (DanielEScherzer)
2222 . Fixed bug GH-17866 (zend_mm_heap corrupted error after upgrading from
2323 8.4.3 to 8.4.4). (nielsdos)
24+ . Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown
25+ causes Use-After-Free). (CVE-2024-11235) (ilutov)
2426
2527- DOM:
2628 . Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of
@@ -49,6 +51,11 @@ PHP NEWS
4951 . Fixed bug GH-17704 (ldap_search fails when $attributes contains a
5052 non-packed array with numerical keys). (nielsdos, 7u83)
5153
54+ - LibXML:
55+ . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos)
56+ . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header
57+ when requesting a redirected resource). (CVE-2025-1219) (timwolla)
58+
5259- MBString:
5360 . Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
5461 (cmb)
@@ -90,6 +97,14 @@ PHP NEWS
9097- Streams:
9198 . Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
9299 . Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
100+ . Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
101+ basic auth header). (CVE-2025-1736) (Jakub Zelenka)
102+ . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location
103+ to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
104+ . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
105+ without colon). (CVE-2025-1734) (Jakub Zelenka)
106+ . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
107+ handle folded headers). (CVE-2025-1217) (Jakub Zelenka)
93108
94109- Windows:
95110 . Fixed phpize for Windows 11 (24H2). (Bob)
0 commit comments