PHP 7.1.28、7.2.17、7.3.4 发布，主要是安全更新时间：2019.04.08 来源：开源中国

PHP是一种通用开源脚本语言。语法吸收了C语言、Java和Perl的特点，利于学习，使用广泛，主要适用于Web开发领域。PHP 独特的语法混合了C、Java、Perl以及PHP自创的语法。它可以比CGI或者Perl更快速地执行动态网页。近日发布了三个更新版本，这三个版本主要都是安全方面的更新，详细改进记录如下：

Version 7.1.28

04 Apr 2019

EXIF:

Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).

Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).

SQLite3:

Added sqlite3.defensive INI directive.

Version 7.3.4

04 Apr 2019

Core:

Fixed bug #77738 (Nullptr deref in zend_compile_expr).

Fixed bug #77660 (Segmentation fault on break 2147483648).

Fixed bug #77652 (Anonymous classes can lose their interface information).

Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).

Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).

Apache2Handler:

Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c).

Bcmath:

Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).

CLI Server:

Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).

COM:

Fixed bug #77578 (Crash when php unload).

EXIF:

Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).

Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).

FPM:

Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).

GD:

Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).

MySQLi:

Fixed bug #77597 (mysqli_fetch_field hangs scripts).

Opcache:

Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).

PCRE:

Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).

Phar:

Fixed bug #77697 (Crash on Big_Endian platform).

phpdbg:

Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).

sodium:

Fixed bug #77646 (sign_detached() strings not terminated).

SQLite3:

Added sqlite3.defensive INI directive.

Standard:

Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).

Fixed bug #77669 (Crash in extract() when overwriting extracted array).

Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).

Fixed bug #77765 (FTP stream wrapper should set the directory as executable).

下载地址：

https://www.php.net/downloads.php