ZendPHP December 2025 Second Releases
PHP Version PHP 8.0.30.8 Changes
-
Opcache
- Reset global pointers to prevent use-after-free in
zend_jit_status(). (Florian Engelhardt)
- Reset global pointers to prevent use-after-free in
-
PDO
- Added test for GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka). No fixes required.
-
Standard
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
dns_get_record()). (ndossche) - Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
array_merge()). (CVE-2025-14178) (ndossche) - Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in
getimagesize). (CVE-2025-14177) (ndossche)
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
PHP Version PHP 7.4.33.12 Changes
-
PDO
- Added test for GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka). No fixes required.
-
Standard
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
dns_get_record()). (ndossche) - Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
array_merge()). (CVE-2025-14178) (ndossche)
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
PHP Version PHP 7.3.33.18 Changes
-
PDO
- Added test for GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka). No fixes required.
-
Standard
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
dns_get_record()). (ndossche) - Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
array_merge()). (CVE-2025-14178) (ndossche). Test update only, no code fixes
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
PHP Version PHP 7.2.34.26 Changes
-
PDO
- Added test for GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka). No fixes required.
-
Standard
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in
dns_get_record()). (ndossche) - Add test for GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
array_merge()). (CVE-2025-14178) (ndossche) No fix required
- Fixed GHSA-www2-q4fc-65wf (Null byte termination in