PHP 8.0.12, 7.4.25 (CVE)

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
569
Location
Arnhem, NL
22 Oct 2021

PHP 7.4.25 Released!

The PHP development team announces the immediate availability of PHP 7.4.25. This is a security release.
All PHP 7.4 users are encouraged to upgrade to this version.
For source downloads of PHP 7.4.25 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

21 Oct 2021

PHP 8.0.12 Released!

The PHP development team announces the immediate availability of PHP 8.0.12. This is a security fix release.
All PHP 8.0 users are encouraged to upgrade to this version.
For source downloads of PHP 8.0.12 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
 

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
569
Location
Arnhem, NL
@smtalk PHP imagick extension has also been updated to v3.5.1 with full PHP8 support, latest in CB is 3.4.4.

ImageMagick also has a newer version: latest version is 7.1.0-10

--

And while we're at it :LOL:, Composer has also been updated to 2.1.9
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,215
Location
Bulgaria
Just look how the devs work on it:

"There's not that much rush though as we classify those as a low security impact because one needs to have access to the worker first. Basically it's a problem just for the shared hostings but most users should not be impacted. Still security issue though."

and after somebody disagreed and suggested that a CVE must be given, the same guy said:

"Yeah it's probably more medium so it should get CVE."

and later even:

"Also I decided to target only 7.4+ as 7.3 will be soon out of security support"

I am speechless. Even 7.3 is still in security support, they did not patch it... And this is a security patch which is related to root privilege escalation!!!
 

nielsh

Verified User
Joined
May 15, 2015
Messages
48
I spoke with Martynas regarding this in a ticket and he backported the security fix in PHP 5.6+ from rev 2769 so it should be a recompile now to resolve it!
 

CyberCr33p

New member
Joined
Oct 27, 2021
Messages
2
Looks like tomorrow they will release 7.3.22 with the patch.

Also the same patch works for 7.2 and 7.1 but doesn't work for PHP 5.6.

As I am not using DirectAdmin, is there any way to see the patch for 5.6?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,226
Location
LT, EU
CustomBuild patches versions 5.6 and up automatically.
 

meliux

Verified User
Joined
Jul 5, 2008
Messages
12
Got an auto update notification this morning...

PHP 5.6: 5.6.40 to 5.6.40 update is available.
PHP 7.3: 7.3.31 to 7.3.31 update is available.

Looks like both versions downloaded a new patch file, fpm_scoreboard_proc_oob_fix_v4_5.6.patch and fpm_scoreboard_proc_oob_fix_v4.patch respectively.
Do those version numbers seem right?
 