WIKINDX / Bugs and feature requests / #472 Switch PHP minimum version to 8.1

#472 Switch PHP minimum version to 8.1

Milestone: 6.9.1

Status: closed

Owner: Stéphane Aulery

Labels: None

Found in: Unknown

Type: Upkeep

PHP: 8.1

Database: Unknown

OS: Unknown

Release cycle: Unknown

Updated: 2024-04-14

Created: 2022-05-04

Creator: Stéphane Aulery

Private: No

Should be done when 8.4 will be released (End of year 2024).

Depending on the severity of the CVEs corrected by PHP 8.2 and PHP 8.3, accelerate the minimum version upgrade.

PHP 8.3.6

Standard:

    Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
    Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
    Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)

PHP 8.2.18

Standard:

    Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
    Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
    Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)

Description has changed:

Diff:

--- old
+++ new
@@ -1 +1,22 @@
 Should be done when 8.4 will be released (End of year 2024).
+
+Depending on the severity of the CVEs corrected by PHP 8.2 and PHP 8.3, accelerate the minimum version upgrade.
+
+PHP 8.3.6
+~~~
+Standard:
+
+    Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
+    Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
+    Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
+~~~
+
+
+PHP 8.2.18
+~~~
+Standard:
+
+    Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
+    Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
+    Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
+~~~

status: open --> need-info
Database: Unknow --> Unknown
OS: Unknow --> Unknown
Release cycle: --> Unknown

Stéphane Aulery - 2024-04-14

status: need-info --> closed

Target: Unknown --> 6.9.1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Switch PHP minimum version to 8.1

Virtual Research Environment / On-line Bibliography Manager

Target

Found in

Searches

Help

#472 Switch PHP minimum version to 8.1

Related

Discussion