Contains only PHP and installer/packaging fixes/changes.

Backported PHP CVE fixes:

  • PHP version,, CVE fixes:
    • Standard:
      • Fixed bug GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. (CVE-2024-2756)
      • Fix bug GHSA-h746-cjrr-wfmr: password_verify can erroneously return true, opening ATO risk. (CVE-2024-3096)

Known issues

RHEL 8 upgrade may fail with the message:

Problem: cannot install the best update candidate for package liboci8-zend-

This problem is related to RHEL rpm package dependency resolving and cannot be fixed in Zend Server packaging. Dependency package libaio from the RHEL repository does not install, for reasons unknown to us. A possible reason is the Oracle library dependency requiring the i686 package instead of the distro default.

Solution: Enter the following command when this error message has been displayed and then retry the upgrade:

sudo yum install libaio-0.3.112-1.el8.i686 liboci8-zend