PHP version 7.1.33.13.
Changes
- Adds TLS v1.2 support for mysqlnd.
Backported CVE fixes
- Fix #79971: special character is breaking the path in xml function CVE-2021-2170729
- Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation) CVE-2021-2170305
- Fix #81420:
ZipArchive::extractToextracts outside of destination CVE-2021-2170602 - Fix #81211: Symlinks are followed when creating PHAR archive
- Fix #76448: Stack buffer overflow in
firebird_info_cbCVE-2021-21704 - Fix #76449: SIGSEGV in
firebird_handle_doer - Fix #76450: SIGSEGV in
firebird_stmt_execute - Fix #76452: Crash while parsing blob data in
firebird_fetch_blob - Fix #81122: SSRF bypass in
FILTER_VALIDATE_URLCVE-2021-2170503 - Fix #80710:
imap_mail_compose()header injection