Author: Pierrick Charron (adoy)
Date: 2024-06-06T11:00:34-04:00
Commit:
https://github.com/php/web-php/commit/a92ee283914fc8bc3313372cee33cf85702330f0
Raw diff:
https://github.com/php/web-php/commit/a92ee283914fc8bc3313372cee33cf85702330f0.diff
Announce 8.2.20
Changed paths:
A archive/entries/2024-06-06-3.xml
A releases/8_2_20.php
M ChangeLog-8.php
M archive/archive.xml
M include/releases.inc
M include/version.inc
Diff:
diff --git a/ChangeLog-8.php b/ChangeLog-8.php
index e01e71366b..517da92804 100644
--- a/ChangeLog-8.php
+++ b/ChangeLog-8.php
@@ -786,6 +786,83 @@
<a id="PHP_8_2"></a>
+<section class="version" id="8.2.20"><!-- {{{ 8.2.20 -->
+<h3>Version 8.2.20</h3>
+<b><?php release_date('06-Jun-2024'); ?></b>
+<ul><li>CGI:
+<ul>
+ <li>Fixed buffer limit on Windows, replacing read call usage by _read.</li>
+ <li>Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument
Injection in PHP-CGI). (CVE-2024-4577)</li>
+</ul></li>
+<li>CLI:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14189); ?> (PHP Interactive
shell input state incorrectly handles quoted heredoc literals.).</li>
+</ul></li>
+<li>Core:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 13970); ?> (Incorrect
validation of #[Attribute] flags type for non-compile-time expressions).</li>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14140); ?> (Floating point
bug in range operation on Apple Silicon hardware).</li>
+</ul></li>
+<li>DOM:
+<ul>
+ <li>Fix crashes when entity declaration is removed while still having entity
references.</li>
+ <li>Fix references not handled correctly in C14N.</li>
+ <li>Fix crash when calling childNodes next() when iterator is exhausted.</li>
+ <li>Fix crash in ParentNode::append() when dealing with a fragment
containing text nodes.</li>
+</ul></li>
+<li>FFI:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14215); ?> (Cannot use
FFI::load on CRLF header file with apache2handler).</li>
+</ul></li>
+<li>Filter:
+<ul>
+ <li>Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var
FILTER_VALIDATE_URL). (CVE-2024-5458)</li>
+</ul></li>
+<li>FPM:
+<ul>
+ <li>Fix bug <?php githubissuel('php/php-src', 14175); ?> (Show decimal
number instead of scientific notation in systemd status).</li>
+</ul></li>
+<li>Hash:
+<ul>
+ <li>ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
(Saki Takamachi)</li>
+</ul></li>
+<li>Intl:
+<ul>
+ <li>Fixed build regression on systems without C++17 compilers.</li>
+</ul></li>
+<li>Ini:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14100); ?> (Corrected
spelling mistake in php.ini files).</li>
+</ul></li>
+<li>MySQLnd:
+<ul>
+ <li>Fix bug <?php githubissuel('php/php-src', 14255); ?> (mysqli_fetch_assoc
reports error from nested query).</li>
+</ul></li>
+<li>Opcache:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14109); ?> (Fix accidental
persisting of internal class constant in shm).</li>
+</ul></li>
+<li>OpenSSL:
+<ul>
+ <li>The openssl_private_decrypt function in PHP, when using PKCS1 padding
(OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin
Attack unless it is used with an OpenSSL version that includes the changes from
this pull request: https://github.com/openssl/openssl/pull/13817
(rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have
also been backported to stable versions of various Linux distributions, as well
as to the PHP builds provided for Windows since the previous release. All
distributors and builders should ensure that this version is used to prevent
PHP from being vulnerable.</li>
+</ul></li>
+<li>Standard:
+<ul>
+ <li>Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
(CVE-2024-5585)</li>
+</ul></li>
+<li>XML:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14124); ?> (Segmentation
fault with XML extension under certain memory limit).</li>
+</ul></li>
+<li>XMLReader:
+<ul>
+ <li>Fixed bug <?php githubissuel('php/php-src', 14183); ?>
(XMLReader::open() can't be overridden).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
+
+
<section class="version" id="8.2.19"><!-- {{{ 8.2.19 -->
<h3>Version 8.2.19</h3>
<b><?php release_date('09-May-2024'); ?></b>
diff --git a/archive/archive.xml b/archive/archive.xml
index d7dbf9518f..cb372231ec 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
<uri>http://php.net/contact</uri>
<email>php-webmaster@lists.php.net</email>
</author>
+ <xi:include href="entries/2024-06-06-3.xml"/>
<xi:include href="entries/2024-06-06-2.xml"/>
<xi:include href="entries/2024-06-06-1.xml"/>
<xi:include href="entries/2024-05-09-2.xml"/>
diff --git a/archive/entries/2024-06-06-3.xml b/archive/entries/2024-06-06-3.xml
new file mode 100644
index 0000000000..d30bb006d2
--- /dev/null
+++ b/archive/entries/2024-06-06-3.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom";>
+ <title>PHP 8.2.20 Released!</title>
+ <id>https://www.php.net/archive/2024.php#2024-06-06-3</id>
+ <published>2024-06-06T14:56:47+00:00</published>
+ <updated>2024-06-06T14:56:47+00:00</updated>
+ <link href="https://www.php.net/index.php#2024-06-06-3"; rel="alternate"
type="text/html"/>
+ <link href="https://www.php.net/archive/2024.php#2024-06-06-3"; rel="via"
type="text/html"/>
+ <category term="releases" label="New PHP release"/>
+ <category term="frontpage" label="PHP.net frontpage news"/>
+ <content type="xhtml">
+ <div xmlns="http://www.w3.org/1999/xhtml";><p>The PHP development team
announces the immediate availability of PHP 8.2.20. This is a security
release.</p>
+
+<p>All PHP 8.2 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.2.20 please visit our <a
href="https://www.php.net/downloads.php";>downloads page</a>,
+Windows source and binaries can be found on <a
href="https://windows.php.net/download/";>windows.php.net/download/</a>.
+The list of changes is recorded in the <a
href="https://www.php.net/ChangeLog-8.php#8.2.20";>ChangeLog</a>.
+</p> </div>
+ </content>
+</entry>
diff --git a/include/releases.inc b/include/releases.inc
index 321ae7d3a6..5aa8483385 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -2,6 +2,42 @@
$OLDRELEASES = array (
8 =>
array (
+ '8.2.19' =>
+ array (
+ 'announcement' =>
+ array (
+ 'English' => '/releases/8_2_19.php',
+ ),
+ 'tags' =>
+ array (
+ ),
+ 'date' => '09 May 2024',
+ 'source' =>
+ array (
+ 0 =>
+ array (
+ 'filename' => 'php-8.2.19.tar.gz',
+ 'name' => 'PHP 8.2.19 (tar.gz)',
+ 'sha256' =>
'8bfdd20662b41a238a5acd84fab3e05c36a685fcb56e6d8ac18eeb87057ab2bc',
+ 'date' => '09 May 2024',
+ ),
+ 1 =>
+ array (
+ 'filename' => 'php-8.2.19.tar.bz2',
+ 'name' => 'PHP 8.2.19 (tar.bz2)',
+ 'sha256' =>
'3c18f7ce51b7c7b26b797e1f97079d386b30347eb04e817f5e6c8e9b275e2a6a',
+ 'date' => '09 May 2024',
+ ),
+ 2 =>
+ array (
+ 'filename' => 'php-8.2.19.tar.xz',
+ 'name' => 'PHP 8.2.19 (tar.xz)',
+ 'sha256' =>
'aecd63f3ebea6768997f5c4fccd98acbf897762ed5fc25300e846197a9485c13',
+ 'date' => '09 May 2024',
+ ),
+ ),
+ 'museum' => false,
+ ),
'8.3.7' =>
array (
'announcement' =>
diff --git a/include/version.inc b/include/version.inc
index 7bdfdcdf7a..8cf9e4c58d 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -32,13 +32,13 @@ $RELEASES = (function () {
/* PHP 8.2 Release */
$data['8.2'] = [
- 'version' => '8.2.19',
- 'date' => '09 May 2024',
- 'tags' => [], // Set to ['security'] for security releases.
+ 'version' => '8.2.20',
+ 'date' => '06 Jun 2024',
+ 'tags' => ['security'], // Set to ['security'] for security releases.
'sha256' => [
- 'tar.gz' =>
'8bfdd20662b41a238a5acd84fab3e05c36a685fcb56e6d8ac18eeb87057ab2bc',
- 'tar.bz2' =>
'3c18f7ce51b7c7b26b797e1f97079d386b30347eb04e817f5e6c8e9b275e2a6a',
- 'tar.xz' =>
'aecd63f3ebea6768997f5c4fccd98acbf897762ed5fc25300e846197a9485c13',
+ 'tar.gz' =>
'05a4365f7bc6475ac4fef65dde13886913dbc0036e63895d369c1fc6e8206107',
+ 'tar.bz2' =>
'5dec6fa61c7b9c47aa1d76666be651f2642ed2bcf6cd8638c57e3571ce2aac61',
+ 'tar.xz' =>
'4474cc430febef6de7be958f2c37253e5524d5c5331a7e1765cd2d2234881e50',
]
];
diff --git a/releases/8_2_20.php b/releases/8_2_20.php
new file mode 100644
index 0000000000..64ec632ce0
--- /dev/null
+++ b/releases/8_2_20.php
@@ -0,0 +1,16 @@
+<?php
+$_SERVER['BASE_PAGE'] = 'releases/8_2_20.php';
+include_once __DIR__ . '/../include/prepend.inc';
+site_header('PHP 8.2.20 Release Announcement');
+?>
+<h1>PHP 8.2.20 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP
8.2.20. This is a security release.</p>
+
+<p>All PHP 8.2 users are encouraged to upgrade to this version.</p>
+
+<p>For source downloads of PHP 8.2.20 please visit our <a
href="https://www.php.net/downloads.php";>downloads page</a>,
+Windows source and binaries can be found on <a
href="https://windows.php.net/download/";>windows.php.net/download/</a>.
+The list of changes is recorded in the <a
href="https://www.php.net/ChangeLog-8.php#8.2.20";>ChangeLog</a>.
+</p>
+<?php site_footer();
