Contains only PHP and installer/packaging fixes/changes; no changes in Zend Server.

Backported PHP 7.1.33.21, 7.2.34.17, 7.3.33.9 CVE Fixes

  • Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
  • Phar: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)

Backported PHP 7.1.33.20, 7.2.34.16, 7.3.33.8 CVE Fixes

  • Soap: Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)

Backported PHP 7.1.33.19, 7.2.34.15, 7.3.33.7 CVE Fixes

  • Intl: Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).

Windows

  • Updated Apache to v2.4.57 in the Zend Server Windows installation package