Contains only PHP and installer/packaging fixes/changes.


  • Adds support for Rocky Linux 8 (x68_64 only)
    • ZS Repository Installer script updated to allow usage with Rocky Linux 8.

Backported PHP CVE fixes

  • PHP version,,, CVE fixes
    • Standard
      • Fixed bug GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. (CVE-2024-2756)
      • Fixed bug GHSA-h746-cjrr-wfmr: password_verify can erroneously return true, opening ATO risk. (CVE-2024-3096)
  • PHP version CVE fix
    • Standard
      • Fixed bug GHSA-pc52-254m-w9w7: Command injection via array-ish $command parameter of proc_open. (CVE-2024-1874)

Known issues

RHEL 8 upgrade may fail with the message:

Problem: cannot install the best update candidate for package liboci8-zend-

This problem is related to RHEL RPM package dependency resolving, and cannot be fixed in Zend Server packaging. Dependency package libaio from RHEL repository does not install for unknown reasons.

Solution: Enter the following command when this error message has been displayed, and then retry the upgrade.

sudo yum install libaio-0.3.112-1.el8.i686 liboci8-zend