PHP version


  • Adds TLS v1.2 support for mysqlnd.

Backported CVE fixes

  • Fix #79971: special character is breaking the path in xml function CVE-2021-2170729
  • Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation) CVE-2021-2170305
  • Fix #81420: ZipArchive::extractTo extracts outside of destination CVE-2021-2170602
  • Fix #81211: Symlinks are followed when creating PHAR archive
  • Fix #76448: Stack buffer overflow in firebird_info_cb CVE-2021-21704
  • Fix #76449: SIGSEGV in firebird_handle_doer
  • Fix #76450: SIGSEGV in firebird_stmt_execute
  • Fix #76452: Crash while parsing blob data in firebird_fetch_blob
  • Fix #81122: SSRF bypass in FILTER_VALIDATE_URL CVE-2021-2170503
  • Fix #80710: imap_mail_compose() header injection