archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Update NEWS with entries for security fixes

Browse source
This commit is contained in:
Jakub Zelenka 2025-03-07 13:40:40 +01:00
parent 0e715e71d9
commit 74d548bf58
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
1 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
NEWS
View file

@ -1,6 +1,21 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.1.32
13 Mar 2025, PHP 8.1.32
- LibXML:
. Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos)
. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header
when requesting a redirected resource). (CVE-2025-1219) (timwolla)
- Streams:
. Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
basic auth header). (CVE-2025-1736) (Jakub Zelenka)
. Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location
to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
. Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
without colon). (CVE-2025-1734) (Jakub Zelenka)
. Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
handle folded headers). (CVE-2025-1217) (Jakub Zelenka)
- Windows:
. Fixed phpize for Windows 11 (24H2). (bwoebi)