Zend Server 2021.4.4
Maintenance release, fixing CVE security issues for PHP.
Backported CVE fixes
-
PHP versions 7.4.33.12, 7.3.33.18, 7.2.34.26, 7.1.33.28
-
PDO
- Added test for GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka). No fixes required.
-
Standard
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
dns_get_record()). (ndossche) - Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
array_merge()). (CVE-2025-14178) (ndossche)
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in