Deux versions correctives sont disponibles : les 8.4.18 et 8.5.3. Ce sont des bug fix. Ces versions corrige 28 bugs dans le core, la timelib, le DOM, OpenSSL, etc. 

Les principaux bugs fixés sont :

• Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown function triggered by bailout in php_output_lock_error()).
• Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber).
• Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization).
• Fixed bug GH-GH-20914 (Internal enums can be cloned and compared).
• Fix OSS-Fuzz #474613951 (Leaked parent property default value).
• Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction).
• Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked backing value).
• Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may uaf).
• Fixed bug GH-20905 (Lazy proxy bailing __clone assertion).
• Fixed bug GH-20479 (Hooked object properties overflow).
• Fix memory leaks when sk_X509_new_null() fails.
• Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
• Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
• Fixed bug #74357 (lchown fails to change ownership of symlink with ZTS) (Jakub Zelenka)
• Fixed bug GH-20843 (var_dump() crash with nested objects) (David Carlier)

Pour en savoir plus : https://www.php.net/index.php