[ol9_appstream] php-8.0.30-3.el9_6.aarch64

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

Changelog (Show File list) (Show related packages)

• Thu Mar 13 2025 Remi Collet <rcollet@redhat.com> - 8.0.30-3

  - Fix libxml streams use wrong `content-type` header when requesting a redirected resource
    CVE-2025-1219
  - Fix Stream HTTP wrapper header check might omit basic auth header
    CVE-2025-1736
  - Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
    CVE-2025-1861
  - Fix Streams HTTP wrapper does not fail for headers without colon
    CVE-2025-1734
  - Fix Header parser of `http` stream wrapper does not handle folded headers
    CVE-2025-1217

• Tue Jan 21 2025 Remi Collet <rcollet@redhat.com> - 8.0.30-2

  - Fix Leak partial content of the heap through heap buffer over-read
    CVE-2024-8929
  - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
    CVE-2024-11234
  - Fix Single byte overread with convert.quoted-printable-decode filter
    CVE-2024-11233
  - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
    CVE-2024-8927
  - Fix Logs from childrens may be altered
    CVE-2024-9026
  - Fix Erroneous parsing of multipart form data
    CVE-2024-8925
  - Fix filter bypass in filter_var FILTER_VALIDATE_URL
    CVE-2024-5458
  - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
    CVE-2024-2756
  - Fix password_verify can erroneously return true opening ATO risk
    CVE-2024-3096

• Fri Oct 06 2023 Remi Collet <rcollet@redhat.com> - 8.0.30-1

  - rebase to 8.0.30
  - Resolves: RHEL-11946