Zend Server 2019.1.4

August 21, 2023

Contains only PHP and installer/packaging fixes/changes; no changes in Zend Server.

Backported PHP 7.1.33.21, 7.2.34.17, 7.3.33.9 CVE Fixes

Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
Phar: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)

Backported PHP 7.1.33.20, 7.2.34.16, 7.3.33.8 CVE Fixes

Soap: Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)

Backported PHP 7.1.33.19, 7.2.34.15, 7.3.33.7 CVE Fixes

Intl: Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).

Windows

Updated Apache v.2.4.57 in Zend Server Windows installation package