On 4/11/24 08:55, Athos Ribeiro wrote:
On Thu, Apr 11, 2024 at 08:03:31AM -0700, ericm...@php.net wrote:
The PHP development team announces the immediate availability of PHP
8.3.6. This is a security release that addresses CVE-2024-1874,
CVE-2024-2756, CVE-2024-3096, and CVE-2024-2757.
Thank you!!!
May I ask what happened to 8.3.5 and why it was never released?
--
8.3.5 was frozen at the RC1 stage and we elected to include the fixes
for the aforementioned CVEs in this release, bumping things instead to
8.3.6 to avoid any confusion as to why someting was in a stable release
that /wasn't/ included in the RC. This is rare but does happen.
