Update NEWS

This commit is contained in:
Ben Ramsey 2024-04-09 23:41:29 -05:00
parent 0ba5229a3f
commit de4f7f9321
No known key found for this signature in database
GPG Key ID: F9C39DC0B9698544

7
NEWS
View File

@ -2,6 +2,13 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.1.28
- Standard:
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
21 Dec 2023, PHP 8.1.27