esmero / archipelago-docker-images

This holds our master docker images used in Archipelago deployment
GNU General Public License v3.0

Update PHP image to 8.028 #56

Closed theMusician closed 1 year ago

theMusician commented 1 year ago

Hi,

It looks like PHP has had several security updates since 8.024. Several are noted security concerns.

https://www.php.net/ChangeLog-8.php#8.0.28

Thank you,

Max

PHP Change log since 8.024

Version 8.0.27 05 Jan 2023

PDO/SQLite:
    Fixed bug [#81740](http://bugs.php.net/81740) (PDO::quote() may return unquoted string). (CVE-2022-31631)

Version 8.0.26 24 Nov 2022

CLI:
    Fixed bug [GH-9709](https://github.com/php/php-src/issues/9709) (Null pointer dereference with -w/-s options).
Core:
    Fixed bug [GH-9752](https://github.com/php/php-src/issues/9752) (Generator crashes when interrupted during argument evaluation with extra named params).
    Fixed bug [GH-9801](https://github.com/php/php-src/issues/9801) (Generator crashes when memory limit is exceeded during initialization).
    Fixed potential NULL pointer dereference in Windows shm*() functions.
    Fixed bug [GH-9750](https://github.com/php/php-src/issues/9750) (Generator memory leak when interrupted during argument evaluation).
Date:
    Fixed bug [GH-9763](https://github.com/php/php-src/issues/9763) (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).
FPM:
    Fixed bug [GH-9754](https://github.com/php/php-src/issues/9754) (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
mysqli:
    Fixed bug [GH-9841](https://github.com/php/php-src/issues/9841) (mysqli_query throws warning despite using silenced error mode).
OpenSSL:
    Fixed bug [GH-8430](https://github.com/php/php-src/issues/8430) (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
SOAP:
    Fixed [GH-9720](https://github.com/php/php-src/issues/9720) (Null pointer dereference while serializing the response).

Version 8.0.25 27 Oct 2022

GD:
    Fixed bug [#81739](http://bugs.php.net/81739): OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
Hash:
    Fixed bug [#81738](http://bugs.php.net/81738): buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
Session:
    Fixed bug [GH-9583](https://github.com/php/php-src/issues/9583) (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
Streams:
    Fixed bug [GH-9590](https://github.com/php/php-src/issues/9590) (stream_select does not abort upon exception or empty valid fd set).

aksm commented 1 year ago

Resolved by 3d012cd368672b8517e2405ae0110527590e3895.