diff options
author | Derick Rethans <github@derickrethans.nl> | 2020-09-29 11:11:51 +0100 |
---|---|---|
committer | Derick Rethans <github@derickrethans.nl> | 2020-09-29 11:14:02 +0100 |
commit | d84f56a4a736506623f5800b9d51a34da19c50ef (patch) | |
tree | 85101d95c8a84df518b24c2e235c570fd02859cb | |
parent | d99c01953528dac2b16b6831e08055cd28ef8c21 (diff) | |
download | php-git-d84f56a4a736506623f5800b9d51a34da19c50ef.tar.gz |
NEWS maintenance
-rw-r--r-- | NEWS | 9 | ||||
-rw-r--r-- | UPGRADING | 4 |
2 files changed, 8 insertions, 5 deletions
@@ -2,10 +2,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 7.4.11 - -17 Sep 2020, PHP 7.4.11RC1 - - Core: + . Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` + cookies can be sent). (CVE-2020-7070) (Stas) . Fixed bug #79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita) . Fixed bug #80037 (Typed property must not be accessed before initialization @@ -29,6 +28,10 @@ PHP NEWS . Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed). (SammyK) +- OpenSSL: + . Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 + bytes IV). (CVE-2020-7069) (Jakub Zelenka) + - PDO: . Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters (Matteo) @@ -126,8 +126,8 @@ DOM: The new signature is also (LSP) compatible with older PHP versions. - SAPI: - . Starting with 7.4.12, incoming cookie names are not url-decoded. This was never - required by the standard, outgoing cookie names aren't encoded and this leads + . Starting with 7.4.11, incoming cookie names are not url-decoded. This was never + required by the standard, outgoing cookie names aren't encoded and this leads to security issues (CVE-2020-7070). - SPL: |