ea-php82-php (8.2.30-1+1.2.cpanel) stable; urgency=low

  * EA-13297: Update ea-php82 from v8.2.29 to v8.2.30
  * Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
  *Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
  * Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 18 Dec 2025 00:00:00 -0000

ea-php82-php (8.2.29-3) stable; urgency=low

  * EA-13088: Update php-litespeed to 8.3

 -- Chris Castillo <chris.castillo@webpros.com>  Tue, 23 Sep 2025 00:00:00 -0000

ea-php82-php (8.2.29-2) stable; urgency=low

  * EA4-122: map u24 libodbc for PHP extension

 -- Dan Muey <daniel.muey@webpros.com>  Wed, 10 Sep 2025 00:00:00 -0000

ea-php82-php (8.2.29-1) stable; urgency=low

  * EA-12996: Update ea-php82 from v8.2.28 to v8.2.29
  * Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)
  * Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491)
  * Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 03 Jul 2025 00:00:00 -0000

ea-php82-php (8.2.28-1) stable; urgency=low

  * EA-12772: Update ea-php82 from v8.2.27 to v8.2.28
  * Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
  * Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
  * Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
  * Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)
  * Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
  * Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 13 Mar 2025 00:00:00 -0000

ea-php82-php (8.2.27-1) stable; urgency=low

  * EA-12617: Update ea-php82 from v8.2.26 to v8.2.27

 -- Cory McIntire <cory@cpanel.net>  Thu, 19 Dec 2024 00:00:00 -0000

ea-php82-php (8.2.26-1) stable; urgency=low

  * EA-12577: Update ea-php82 from v8.2.25 to v8.2.26
  * (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
  * (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
  * (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
  * (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
  * (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
  * (OOB access in ldap_escape). (CVE-2024-8932)

 -- Cory McIntire <cory@cpanel.net>  Thu, 21 Nov 2024 00:00:00 -0000

ea-php82-php (8.2.25-2) stable; urgency=low

  * ZC-12246: Correct conffiles for Ubuntu

 -- Julian Brown <julian.brown@cpanel.net>  Fri, 25 Oct 2024 00:00:00 -0000

ea-php82-php (8.2.25-1) stable; urgency=low

  * EA-12499: Update ea-php82 from v8.2.24 to v8.2.25

 -- Cory McIntire <cory@cpanel.net>  Thu, 24 Oct 2024 00:00:00 -0000

ea-php82-php (8.2.24-1) stable; urgency=low

  * EA-12423: Update ea-php82 from v8.2.23 to v8.2.24
  * Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
  * Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
  * Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
  * Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)

 -- Cory McIntire <cory@cpanel.net>  Thu, 26 Sep 2024 00:00:00 -0000

ea-php82-php (8.2.23-1) stable; urgency=low

  * EA-12399: Update ea-php82 from v8.2.22 to v8.2.23

 -- Cory McIntire <cory@cpanel.net>  Fri, 20 Sep 2024 00:00:00 -0000

ea-php82-php (8.2.22-2) stable; urgency=low

  * ZC-12153: make opcache INI a configfile for debs

 -- Dan Muey <dan@cpanel.net>  Tue, 17 Sep 2024 00:00:00 -0000

ea-php82-php (8.2.22-1) stable; urgency=low

  * EA-12308: Update ea-php82 from v8.2.21 to v8.2.22

 -- Cory McIntire <cory@cpanel.net>  Thu, 01 Aug 2024 00:00:00 -0000

ea-php82-php (8.2.21-1) stable; urgency=low

  * EA-12275: Update ea-php82 from v8.2.20 to v8.2.21

 -- Cory McIntire <cory@cpanel.net>  Tue, 09 Jul 2024 00:00:00 -0000

ea-php82-php (8.2.20-1) stable; urgency=low

  * EA-12194: Update ea-php82 from v8.2.19 to v8.2.20
  * Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
  * Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
  * Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
  * The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack

 -- Cory McIntire <cory@cpanel.net>  Thu, 06 Jun 2024 00:00:00 -0000

ea-php82-php (8.2.19-1) stable; urgency=low

  * EA-12141: Update ea-php82 from v8.2.18 to v8.2.19

 -- Cory McIntire <cory@cpanel.net>  Thu, 09 May 2024 00:00:00 -0000

ea-php82-php (8.2.18-2) stable; urgency=low

  * ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Thu, 11 Apr 2024 00:00:00 -0000

ea-php82-php (8.2.18-1) stable; urgency=low

  * EA-12085: Update ea-php82 from v8.2.17 to v8.2.18
  * Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
  * Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
  * Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)

 -- Cory McIntire <cory@cpanel.net>  Thu, 11 Apr 2024 00:00:00 -0000

ea-php82-php (8.2.17-2) stable; urgency=low

  * ZC-11561: Add GD support for AVIF format on RHEL 8 and newer (RHEL only)

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Thu, 21 Mar 2024 00:00:00 -0000

ea-php82-php (8.2.17-1) stable; urgency=low

  * EA-12016: Update ea-php82 from v8.2.16 to v8.2.17

 -- Cory McIntire <cory@cpanel.net>  Thu, 14 Mar 2024 00:00:00 -0000

ea-php82-php (8.2.16-1) stable; urgency=low

  * EA-11977: Update ea-php82 from v8.2.15 to v8.2.16

 -- Cory McIntire <cory@cpanel.net>  Thu, 15 Feb 2024 00:00:00 -0000

ea-php82-php (8.2.15-1) stable; urgency=low

  * EA-11919: Update ea-php82 from v8.2.14 to v8.2.15

 -- Cory McIntire <cory@cpanel.net>  Thu, 18 Jan 2024 00:00:00 -0000

ea-php82-php (8.2.14-1) stable; urgency=low

  * EA-11893: Update ea-php82 from v8.2.13 to v8.2.14

 -- Travis Holloway <t.holloway@cpanel.net>  Wed, 03 Jan 2024 00:00:00 -0000

ea-php82-php (8.2.13-4) stable; urgency=low

  * EA-10753: Have snmp module require 'snmp-mibs-downloader' for deb

 -- Travis Holloway <t.holloway@cpanel.net>  Mon, 18 Dec 2023 00:00:00 -0000

ea-php82-php (8.2.13-3) stable; urgency=low

  * EA-11821: Patch to build with the latest ea-libxml2

 -- Tim Mullin <tim@cpanel.net>  Thu, 30 Nov 2023 00:00:00 -0000

ea-php82-php (8.2.13-2) stable; urgency=low

  * ZC-11419: Correct Ubuntu build issues

 -- Julian Brown <julian.brown@cpanel.net>  Tue, 28 Nov 2023 00:00:00 -0000

ea-php82-php (8.2.13-1) stable; urgency=low

  * EA-11823: Update ea-php82 from v8.2.12 to v8.2.13

 -- Cory McIntire <cory@cpanel.net>  Thu, 23 Nov 2023 00:00:00 -0000

ea-php82-php (8.2.12-1) stable; urgency=low

  * EA-11774: Update ea-php82 from v8.2.11 to v8.2.12

 -- Cory McIntire <cory@cpanel.net>  Thu, 26 Oct 2023 00:00:00 -0000

ea-php82-php (8.2.11-1) stable; urgency=low

  * EA-11717: Update ea-php82 from v8.2.10 to v8.2.11

 -- Cory McIntire <cory@cpanel.net>  Mon, 02 Oct 2023 00:00:00 -0000

ea-php82-php (8.2.10-1) stable; urgency=low

  * EA-11658: Update ea-php82 from v8.2.9 to v8.2.10

 -- Cory McIntire <cory@cpanel.net>  Thu, 31 Aug 2023 00:00:00 -0000

ea-php82-php (8.2.9-1) stable; urgency=low

  * EA-11619: Update ea-php82 from v8.2.8 to v8.2.9
  * Libxml:
  Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
  * Phar:
  Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)

 -- Cory McIntire <cory@cpanel.net>  Wed, 16 Aug 2023 00:00:00 -0000

ea-php82-php (8.2.8-1) stable; urgency=low

  * EA-11539: Update ea-php82 from v8.2.7 to v8.2.8

 -- Cory McIntire <cory@cpanel.net>  Fri, 07 Jul 2023 00:00:00 -0000

ea-php82-php (8.2.7-1) stable; urgency=low

  * EA-11478: Update ea-php82 from v8.2.6 to v8.2.7
  * Fixed bug GHSA-76gg-c692-v2mw
  * (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP).

 -- Cory McIntire <cory@cpanel.net>  Thu, 08 Jun 2023 00:00:00 -0000

ea-php82-php (8.2.6-5) stable; urgency=low

  * EA-11447: Increase default php memory_limit for new installs from 32M to 128M

 -- Travis Holloway <t.holloway@cpanel.net>  Tue, 30 May 2023 00:00:00 -0000

ea-php82-php (8.2.6-4) stable; urgency=low

  * ZC-10931: Link statically against libc-client

 -- Julian Brown <julian.brown@cpanel.net>  Thu, 18 May 2023 00:00:00 -0000

ea-php82-php (8.2.6-3) stable; urgency=low

  * ZC-10950: Fix build problems

 -- Julian Brown <julian.brown@cpanel.net>  Wed, 17 May 2023 00:00:00 -0000

ea-php82-php (8.2.6-2) stable; urgency=low

  * ZC-10936: Clean up Makefile and remove debug-package-nil

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Tue, 16 May 2023 00:00:00 -0000

ea-php82-php (8.2.6-1) stable; urgency=low

  * EA-11413: Update ea-php82 from v8.2.5 to v8.2.6

 -- Cory McIntire <cory@cpanel.net>  Thu, 11 May 2023 00:00:00 -0000

ea-php82-php (8.2.5-2) stable; urgency=low

  * ZC-10873: Simplify the libidn deps, for building on Ubuntu 20 and 22

 -- Julian Brown <julian.brown@cpanel.net>  Tue, 18 Apr 2023 00:00:00 -0000

ea-php82-php (8.2.5-1) stable; urgency=low

  * EA-11355: Update ea-php82 from v8.2.4 to v8.2.5

 -- Cory McIntire <cory@cpanel.net>  Thu, 13 Apr 2023 00:00:00 -0000

ea-php82-php (8.2.4-1) stable; urgency=low

  * EA-11301: Update ea-php82 from v8.2.3 to v8.2.4

 -- Cory McIntire <cory@cpanel.net>  Thu, 16 Mar 2023 00:00:00 -0000

ea-php82-php (8.2.3-1) stable; urgency=low

  * EA-11226: Update ea-php82 from v8.2.2 to v8.2.3
  * Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)
  * Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
  * Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)

 -- Cory McIntire <cory@cpanel.net>  Tue, 14 Feb 2023 00:00:00 -0000

ea-php82-php (8.2.2-2) stable; urgency=low

  * EA-11212: Fix PKG_CONFIG_PATH

 -- Tim Mullin <tim@cpanel.net>  Tue, 07 Feb 2023 00:00:00 -0000

ea-php82-php (8.2.2-1) stable; urgency=low

  * EA-11200: Update ea-php82 from v8.2.1 to v8.2.2

 -- Cory McIntire <cory@cpanel.net>  Thu, 02 Feb 2023 00:00:00 -0000

ea-php82-php (8.2.1-3) stable; urgency=low

  * EA-11075: Correct default value description for log_errors in php.ini

 -- Tim Mullin <tim@cpanel.net>  Wed, 18 Jan 2023 00:00:00 -0000

ea-php82-php (8.2.1-2) stable; urgency=low

  * ZC-10585: Build for CentOS7

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Mon, 09 Jan 2023 00:00:00 -0000

ea-php82-php (8.2.1-1) stable; urgency=low

  * EA-11136: Update ea-php82 from v8.2.0 to v8.2.1
  * PDO::quote() may return unquoted string). (CVE-2022-31631)

 -- Cory McIntire <cory@cpanel.net>  Thu, 05 Jan 2023 00:00:00 -0000

ea-php82-php (8.2.0-4) stable; urgency=low

  * ZC-10495: Update to official PHP 8.2 release

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Mon, 12 Dec 2022 00:00:00 -0000

ea-php82-php (8.2.0-3) stable; urgency=low

  * EA-11039: Ensure php.ini is marked as a config file on debian based systems

 -- Travis Holloway <t.holloway@cpanel.net>  Wed, 16 Nov 2022 00:00:00 -0000

ea-php82-php (8.2.0-2) stable; urgency=low

  * ZC-10364: ZC-10364: Update to new php_litespeed

 -- Julian Brown <julian.brown@cpanel.net>  Wed, 02 Nov 2022 00:00:00 -0000

ea-php82-php (8.2.0-1) stable; urgency=low

  * ZC-10359: Initial Build

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Fri, 07 Oct 2022 00:00:00 -0000

