PHP 8.0.11 is now released. This is a safe version that fixes CVE-2021-21706; all users of PHP 8.0 are officially encouraged to upgrade to this version. The specific updates are as follows:

Core:
​​​​Fixed bug #81302 (removed the stream position after the stream filter).
Fixed bug #81346 (Non-seekable streams do not update position after writing).
Fixed bug #73122 (integer overflow when concatenating strings).
GD
Fixed bug #53580 (gdImageCopyResampled caused the color to change during the resizing process).
Opcache:
Fixed bug #81353 (segfault with preloaded and statically bound closures).
Shmop
Fixed bug #81407 (shmop_open cannot connect, causing php to crash).
Standard:
Fixed bug #71542 (disk_total_space does not apply to relative paths).
Fixed bug #81400 (unterminated string in dns_get_record() results).
SysVMsg:
Fixed bug #78819 (heap overflow in msg_send).
XML:
Fixed bug #81351 (xml_parse may fail, but there is no error code).
Zip:
Fixed bug #80833 (ZipArchive::getStream does not use setPassword).
Fixed bug #81420 (ZipArchive::extractTo is extracted outside destination).

Update instructions: https://www.php.net/ChangeLog-8.php#8.0.1

PHP 8.0.11 现已发布,这是一个安全版本,修复了 CVE-2021-21706;官方鼓励所有 PHP 8.0 用户升级到此版本。具体更新内容如下:

Core:
​​​​修复了 bug #81302(移除 stream filter 后的 stream position)。
修复了 bug #81346(Non-seekable streams 在写入后不更新位置)。
修复了 bug #73122(串联字符串时整数溢出)。
GD
修复了 bug #53580(在调整大小的过程中,gdImageCopyResampled 导致颜色改变)。
Opcache:
修复了 bug #81353(带有预加载和静态绑定闭包的 segfault)。
Shmop
修复了 bug #81407(shmop_open 不能连接,导致 php 崩溃)。
Standard:
修复了 bug #71542(disk_total_space 不适用于相对路径)。
修复了 bug #81400(dns_get_record() results 中未终止的字符串)。
SysVMsg:
修复了 bug #78819(msg_send 中的堆溢出)。
XML:
修复了 bug #81351(xml_parse 可能会失败,但没有错误代码)。
Zip:
修复了 bug #80833(ZipArchive::getStream 不使用 setPassword)。
修复了 bug #81420(ZipArchive::extractTo 在 destination 之外提取)。

更新说明:https://www.php.net/ChangeLog-8.php#8.0.1

发表评论

后才能评论