The PHP development team announces three new versions: 7.2.27, 7.3.14, 7.4.2. All versions has been released at January 23 and available immediately at their download page. For every releases, there are many improvements and bug fixes. All PHP users are encouraged to upgrade to this version.
But if you want to use precompiled one, you must wait for your distribution to provide it.
PHP 7.2.27 Changelog
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
PHP 7.3.14 Changelog
- Core:
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- CURL:
- Fixed bug #79033 (Curl timeout error with specific url and post).
- Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
- DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
- Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
- GD:
- Libxml:
- Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- OPcache:
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
- PDO_PgSQL:
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Shmop:
- Fixed bug #78538 (shmop memory leak).
- Standard:
PHP 7.4.2 Changelog
- Core:
- Preloading support on Windows has been disabled.
- Fixed bug #79022 (class_exists returns True for classes that are not ready to be used).
- Fixed bug #78929 (plus signs in cookie values are converted to spaces).
- Fixed bug #78973 (Destructor during CV freeing causes segfault if opline never saved).
- Fixed bug #78776 (Abstract method implementation from trait does not check "static").
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
- Fixed bug #79002 (Serializing uninitialized typed properties with __sleep makes unserialize throw).
- CURL:
- Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
- DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
- Exif:
- Fixed bug #79046 (NaN to int cast undefined behavior in exif).
- Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
- GD:
- Libxml:
- Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- OPcache:
- Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS).
- Fixed bug #78950 (Preloading trait method with static variables).
- Fixed bug #78903 (Conflict in RTD key for closures results in crash).
- Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable into mutable class).
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Fixed bug #79055 (Typed property become unknown with OPcache file cache).
- Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
- PDO_PgSQL:
- Session:
- Shmop:
- Fixed bug #78538 (shmop memory leak).
- Sqlite3:
- Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during compilation).
- Spl:
- Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
- Standard: