PHP version 7.3.18 (14 May 2020)
Core:
- Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048) (cmb)
- Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048) (cmb)
- Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant). (Nikita)
- Fixed bug php#79477 (casting object into array creates references). (Nikita)
- Fixed bug php#79470 (PHP incompatible with 3rd party file system on demand). (cmb)
- Fixed bug php#78784 (Unable to interact with files inside a VFS for Git repository). (cmb)
DOM:
- Fixed bug php#78221 (DOMNode::normalize() doesn't remove empty text nodes). (cmb)
FCGI:
- Fixed bug php#79491 (Search for .user.ini extends up to root dir). (cmb)
MBString:
- Fixed bug php#79441 (Segfault in mb_chr() if internal encoding is unsupported). (Girgias)
OpenSSL:
- Fixed bug php#79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout). (Joe Cai)
Phar:
- Fix bug php#79503 (Memory leak on duplicate metadata). (cmb)
SimpleXML:
- Fixed bug php#79528 (Different object of the same xml between 7.4.5 and 7.4.4). (cmb)
Standard:
- Fixed bug php#79468 (SIGSEGV when closing stream handle with a stream filter appended). (dinosaur)