Alaskalink.US - OnLine
Alaskalink.US LOGO     Jul. 12, 2024   News  |  Links  |  Photo  |  Alerts  |  Hosting  |  Home  |  Add to Favorites  |  Terms of Use  |   |  Contact US 
Like to Join Alaskalink.US? Use Contact US form
 
PHP: Hypertext Preprocessor

A popular general-purpose scripting language that is especially suited to web development.
Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.

PHP 8.4.0 Alpha 1 available for testing

The PHP team is pleased to announce the first testing release of PHP 8.4.0, Alpha 1. This starts the PHP 8.4 release cycle, the rough outline of which is specified in the PHP Wiki.

For source downloads of PHP 8.4.0 Alpha 1 please visit the download page.

Please carefully test this version and report any issues found using the bug tracking system.

Please DO NOT use this version in production, it is an early test version.

For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

The next release will be Alpha 2, planned for 18 Jul 2024.

The signatures for the release can be found in the manifest or on the QA site.

Thank you for helping us make PHP better.

PHP 8.3.9 Released!

The PHP development team announces the immediate availability of PHP 8.3.9. This is a bug fix release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.9 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.21 Released!

The PHP development team announces the immediate availability of PHP 8.2.21. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.21 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.20 Released!

The PHP development team announces the immediate availability of PHP 8.2.20. This is a security release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.20 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.8 Released!

The PHP development team announces the immediate availability of PHP 8.3.8. This is a security release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.8 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.1.29 Released!

The PHP development team announces the immediate availability of PHP 8.1.29. This is a security release.

All PHP 8.1 users are encouraged to upgrade to this version.

For source downloads of PHP 8.1.29 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.7 Released!

The PHP development team announces the immediate availability of PHP 8.3.7. This is a bug fix release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.7 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.19 Released!

The PHP development team announces the immediate availability of PHP 8.2.19. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.19 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

Statement on glibc/iconv Vulnerability

EDIT 2024-04-25: Clarified when a PHP application is vulnerable to this bug.

Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set can result in remote code execution.

This specific buffer overflow in glibc is exploitable through PHP, which exposes the iconv functionality of glibc to do character set conversions via the iconv extension. Although the bug is exploitable in the context of the PHP Engine, the bug is not in PHP. It is also not directly exploitable remotely.

The bug is exploitable, if and only if, the PHP application calls iconv functions or filters with user-supplied character sets.

Applications are not vulnerable if:

  • Glibc security updates from the distribution have been installed.
  • Or the iconv extension is not loaded.
  • Or the vulnerable character set has been removed from gconv-modules-extra.conf.
  • Or the application passes only specifically allowed character sets to iconv.

Moreover, when using a user-supplied character set, it is good practice for applications to accept only specific charsets that have been explicitly allowed by the application. One example of how this can be done is by using an allow-list and the array_search() function to check the encoding before passing it to iconv. For example: array_search($charset, $allowed_list, true)

There are numerous reports online with titles like "Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack". These titles are misleading as this is not a bug in PHP itself.

If your PHP application is vulnerable, we first recommend to check if your Linux distribution has already published patched variants of glibc. Debian, CentOS, and others, have already done so, and please upgrade as soon as possible.

Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library.

If your Linux distribution has not published a patched version of glibc, there is no fix for this issue. However, there exists a workaround described in GLIBC Vulnerability on Servers Serving PHP which explains a way on how to remove the problematic character set from glibc. Perform this procedure for every gconv-modules-extra.conf file that is available on your system.

PHP users on Windows are not affected.

Therefore, a new version of PHP will not be released for this vulnerability.

PHP 8.1.28 Released!

The PHP development team announces the immediate availability of PHP 8.1.28. This is a security release.

All PHP 8.1 users are encouraged to upgrade to this version.

For source downloads of PHP 8.1.28 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.6 Released!

The PHP development team announces the immediate availability of PHP 8.3.6. This is a security release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.6 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.18 Released!

The PHP development team announces the immediate availability of PHP 8.2.18. This is a security release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.18 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.4 Released!

The PHP development team announces the immediate availability of PHP 8.3.4. This is a bug fix release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.4 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.17 Released!

The PHP development team announces the immediate availability of PHP 8.2.17. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.17 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.16 Released!

The PHP development team announces the immediate availability of PHP 8.2.16. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.16 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.3 Released!

The PHP development team announces the immediate availability of PHP 8.3.3. This is a bug fix release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.3 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.15 Released!

The PHP development team announces the immediate availability of PHP 8.2.15. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.15 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.2 Released!

The PHP development team announces the immediate availability of PHP 8.3.2. This is a bug fix release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.2 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.2.14 Released!

The PHP development team announces the immediate availability of PHP 8.2.14. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.14 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.1.27 Released!

The PHP development team announces the immediate availability of PHP 8.1.27. This is a bug fix release.

All PHP 8.1 users are encouraged to upgrade to this version.

For source downloads of PHP 8.1.27 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.1 Released!

The PHP development team announces the immediate availability of PHP 8.3.1. This is a bug fix release.

All PHP 8.3 users are encouraged to upgrade to this version.

For source downloads of PHP 8.3.1 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.1.26 Released!

The PHP development team announces the immediate availability of PHP 8.1.26. This is a bug fix release.

All PHP 8.1 users are encouraged to upgrade to this version.

For source downloads of PHP 8.1.26 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.0 Released!

The PHP development team announces the immediate availability of PHP 8.3.0. This release marks the latest minor release of the PHP language.

PHP 8.3 comes with numerous improvements and new features such as:

For source downloads of PHP 8.3.0 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

The migration guide is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes.

Kudos to all the contributors and supporters!

PHP 8.2.13 Released!

The PHP development team announces the immediate availability of PHP 8.2.13. This is a bug fix release.

All PHP 8.2 users are encouraged to upgrade to this version.

For source downloads of PHP 8.2.13 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 8.3.0 RC 6 available for testing

The PHP team is pleased to announce the release of PHP 8.3.0, RC 6. This is the sixth and final release candidate, continuing the PHP 8.3 release cycle, the rough outline of which is specified in the PHP Wiki.

For source downloads of PHP 8.3.0, RC 6 please visit the download page.

Please carefully test this version and report any issues found in the bug reporting system.

Please DO NOT use this version in production, it is an early test version.

For more information on the new features and other changes, you can read the NEWS file or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

The next release will be the production-ready, general availability release, planned for 23 November 2023.

The signatures for the release can be found in the manifest or on the QA site.

Thank you for helping us make PHP better.

Older News Entries

To Top