Note: 9.1.16 is the final release version for Zend Server 9.1.
PHP version 7.1.33.18.
Backported CVE fixes
- Core
- Fixed bug #81744 (
password_verify()
always return true with some hashes). (CVE-2023-0567) - Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
- Fixed bug #81744 (
- FPM
- Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
- PDO/SQLite
- Fixed bug #81740 (
PDO::quote()
may return unquoted string). (CVE-2022-31631)
- Fixed bug #81740 (