PHP version 7.4.11 (01 Oct 2020)

Core:

• Fixed bug #79699 (PHP parses encoded cookie names so malicious __Host- cookies can be sent). (CVE-2020-7070) (Stas)
• Fixed bug #79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita)
• Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared). (Nikita)
• Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
• Fixed bug #80049 (Memleak when coercing integers to string via variadic argument). (Nikita)

Calendar:

• Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing). (Andy Postnikov)

OPcache:

• Fixed bug #80002 (calc free space for new interned string is wrong). (t-matsuno)
• Fixed bug #80046 (FREE for SWITCH_STRING optimized away). (Nikita)
• Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed). (SammyK)

OpenSSL:

• Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069) (Jakub Zelenka)

PDO:

• Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters (Matteo)

Standard:

• Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb)
• Fixed bug #80077 (getmxrr test bug). (Rainer Jung)
• Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer). (cmb)
• Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb)