Innovate faster and cut risk with PHP experts from Zend Services.
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Submit support requests and browse self-service resources.
PHP 7.1 backported CVE fixes only
PHP version 220.127.116.11 CVE fixes- Core: . Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567) . Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
- FPM: . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
PHP version 18.104.22.168 CVE fixes:
- PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
Note: 9.1.16 is the final release version for Zend Server 9.1
PHP update to 22.214.171.124
CVE fixes:- mysqlnd: . Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)- pgsql . Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
PHP update to 126.96.36.199. Includes TLS v1.2 support for mysqlnd.PHP Changes:
14 Mar 2022, PHP 188.8.131.52
- main/streams . Set TLS value to TLS_ANY to support TLS 1.2 servers
26 Nov 2021, PHP 184.108.40.206
- Fix #79971: special character is breaking the path in xml function CVE-2021-21707
29 Oct 2021, PHP 220.127.116.11
- Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation) CVE-2021-21703
05 Oct 2021, PHP 18.104.22.168
- Fix #81420: ZipArchive::extractTo extracts outside of destination CVE-2021-21706
02 Sep 2021, PHP 22.214.171.124
- Fix #81211: Symlinks are followed when creating PHAR archive
08 Jul 2021, PHP 126.96.36.199
- Fix #76448: Stack buffer overflow in firebird_info_cb CVE-2021-21704 - Fix #76449: SIGSEGV in firebird_handle_doer - Fix #76450: SIGSEGV in firebird_stmt_execute
- Fix #76452: Crash while parsing blob data in firebird_fetch_blob - Fix #81122: SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705
03 May 2021, PHP 188.8.131.52
- ext/imap . Fix #80710: imap_mail_compose() header injection
Latest backported security fixes in PHP 184.108.40.206 are:
Latest backported changes in PHP v. 220.127.116.11 are:
Read all about our Zend Server 9.1 features and capabilities in the What's New page.
For detailed installation instructions for all supported operating systems, please refer to the Zend Server 9.1 Installation Guide.
Click here for specific IBMi notes
Limitations and Known Issues
The following issues are known at the time of the Zend Server 9.1 release:
Note: For more information please refer to the online documentation.
IBMi specific release notes