PHP version 7.1.33.13.
Changes
- Adds TLS v1.2 support for mysqlnd.
Backported CVE fixes
- Fix #79971: special character is breaking the path in xml function CVE-2021-2170729
- Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation) CVE-2021-2170305
- Fix #81420:
ZipArchive::extractTo
extracts outside of destination CVE-2021-2170602 - Fix #81211: Symlinks are followed when creating PHAR archive
- Fix #76448: Stack buffer overflow in
firebird_info_cb
CVE-2021-21704 - Fix #76449: SIGSEGV in
firebird_handle_doer
- Fix #76450: SIGSEGV in
firebird_stmt_execute
- Fix #76452: Crash while parsing blob data in
firebird_fetch_blob
- Fix #81122: SSRF bypass in
FILTER_VALIDATE_URL
CVE-2021-2170503 - Fix #80710:
imap_mail_compose()
header injection