PHP version 7.2.21 (01 Aug 2019)

Date:

• Fixed bug #69044 (discrepency between time and microtime). (krakjoe)

EXIF:

• Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)
• Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)

Fileinfo:

• Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file). (Joshua Westerheide)

FTP:

• Fixed bug #77124 (FTP with SSL memory leak). (Nikita)

Libxml:

• Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)). (Nikita)

LiteSpeed:

• Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)
• Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files). (George Wang)

Openssl:

• Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream). (Nikita)

OPcache:

• Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
• Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)
• Fixed bug #78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington)

Phar:

• Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)

Phpdbg:

• Fixed bug #78297 (Include unexistent file memory leak). (Nikita)

PDO_Sqlite:

• Fixed bug #78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux)

Standard:

• Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
• Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)

XMLRPC:

• Fixed bug #78173 (XML-RPC mutates immutable objects during encoding). (Asher Baker)