Note: 9.1.16 is the final release version for Zend Server 9.1.

PHP version

Backported CVE fixes

  • Core
    • Fixed bug #81744 (password_verify() always return true with some hashes). (CVE-2023-0567)
    • Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
  • FPM
    • Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
  • PDO/SQLite
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)