The PHP development team announces three new versions: 7.2.29, 7.3.16, 7.4.4. All versions has been released at March 19 and available immediately at their download page. For every releases, there are many improvements and bug fixes. All PHP users are encouraged to upgrade to this version.
But if you want to use precompiled one, you must wait for your distribution to provide it.
PHP 7.2.29 Changelog
- Core:
- Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)
- EXIF:
- Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)
PHP 7.3.16 Changelog
- Core:
- Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
- COM:
- Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
- Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
- Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
- Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
- Fixed bug #79332 (php_istreams are never freed).
- Fixed bug #79333 (com_print_typeinfo() leaks memory).
- DOM:
- Enchant:
- Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
- EXIF:
- Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
- MBstring:
- Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)
- MySQLi:
- Fixed bug #64032 (mysqli reports different client_version).
- PCRE:
- Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
- PDO_ODBC:
- Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
- Reflection:
- Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
- SQLite3:
- Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
- Standard:
PHP 7.4.4 Changelog
- Core:
- COM:
- Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
- Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
- Fixed bug #79247 (Garbage collecting variant objects segfaults).
- Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
- Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
- Fixed bug #79332 (php_istreams are never freed).
- Fixed bug #79333 (com_print_typeinfo() leaks memory).
- CURL:
- DOM:
- Enchant:
- Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
- EXIF:
- Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064).
- Fileinfo:
- Fixed bug #79283 (Segfault in libmagic patch contains a buffer overflow).
- FPM:
- MBstring:
- Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065).
- MySQLi:
- Fixed bug #64032 (mysqli reports different client_version).
- MySQLnd:
- Implemented FR #79275 (Support auth_plugin_caching_sha2_password on Windows).
- Opcache:
- Fixed bug #79252 (preloading causes php-fpm to segfault during exit).
- PCRE:
- PDO_ODBC:
- Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
- Reflection:
- Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
- SQLite3:
- Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
- Standard:
- Zip:
- Fixed bug #79315 (ZipArchive::addFile doesn't honor start/length parameters).