ea-php83-php (8.3.30-2+4.1.cpanel) stable; urgency=low

  * EA4-230: Use system libxml2 in PHP 8.3
  * Wed Jan 21 2026 Cory McIntire <cory.mcintire@webpros.com> - 8.3.30-1
  * EA-13322: Update ea-php83 from v8.3.29 to v8.3.30
  * Thu Dec 18 2025 Dan Muey <daniel.muey@webpros.com> - 8.3.29-1
  * EA-13295: Update ea-php83 from v8.3.28 to v8.3.29
  * Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
  * Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
  * Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)

 -- Gary Stanley <gary.stanley@webpros.com>  Thu, 22 Jan 2026 00:00:00 -0000

ea-php83-php (8.3.28-1) stable; urgency=low

  * EA-13266: Update ea-php83 from v8.3.27 to v8.3.28

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 20 Nov 2025 00:00:00 -0000

ea-php83-php (8.3.27-2) stable; urgency=low

  * EA-13088: Update php-litespeed to 8.3

 -- Chris Castillo <chris.castillo@webpros.com>  Thu, 06 Nov 2025 00:00:00 -0000

ea-php83-php (8.3.27-1) stable; urgency=low

  * EA-13230: Update ea-php83 from v8.3.26 to v8.3.27

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 28 Oct 2025 00:00:00 -0000

ea-php83-php (8.3.26-1) stable; urgency=low

  * EA-13170: Update ea-php83 from v8.3.25 to v8.3.26

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 07 Oct 2025 00:00:00 -0000

ea-php83-php (8.3.25-1) stable; urgency=low

  * EA-13082: Update ea-php83 from v8.3.23 to v8.3.25

 -- Jared Wright <jared.wright@webpros.com>  Tue, 23 Sep 2025 00:00:00 -0000

ea-php83-php (8.3.23-2) stable; urgency=low

  * EA4-122: map u24 libodbc for PHP extension

 -- Dan Muey <daniel.muey@webpros.com>  Wed, 10 Sep 2025 00:00:00 -0000

ea-php83-php (8.3.23-1) stable; urgency=low

  * EA-13000: Update ea-php83 from v8.3.22 to v8.3.23
  * Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)
  * Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491)
  * Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 03 Jul 2025 00:00:00 -0000

ea-php83-php (8.3.22-1) stable; urgency=low

  * EA-12917: Update ea-php83 from v8.3.21 to v8.3.22

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 05 Jun 2025 00:00:00 -0000

ea-php83-php (8.3.21-1) stable; urgency=low

  * EA-12852: Update ea-php83 from v8.3.20 to v8.3.21

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 08 May 2025 00:00:00 -0000

ea-php83-php (8.3.20-1) stable; urgency=low

  * EA-12807: Update ea-php83 from v8.3.19 to v8.3.20

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 10 Apr 2025 00:00:00 -0000

ea-php83-php (8.3.19-1) stable; urgency=low

  * EA-12769: Update ea-php83 from v8.3.17 to v8.3.19
  * Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
  * Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
  * Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
  * Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)
  * Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
  * Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 13 Mar 2025 00:00:00 -0000

ea-php83-php (8.3.17-1) stable; urgency=low

  * EA-12708: Update ea-php83 from v8.3.16 to v8.3.17

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 13 Feb 2025 00:00:00 -0000

ea-php83-php (8.3.16-1) stable; urgency=low

  * EA-12650: Update ea-php83 from v8.3.15 to v8.3.16

 -- Cory McIntire <cory@cpanel.net>  Thu, 16 Jan 2025 00:00:00 -0000

ea-php83-php (8.3.15-1) stable; urgency=low

  * EA-12618: Update ea-php83 from v8.3.14 to v8.3.15

 -- Cory McIntire <cory@cpanel.net>  Thu, 19 Dec 2024 00:00:00 -0000

ea-php83-php (8.3.14-1) stable; urgency=low

  * EA-12578: Update ea-php83 from v8.3.13 to v8.3.14
  * (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
  * (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
  * (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
  * (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
  * (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
  * (OOB access in ldap_escape). (CVE-2024-8932)

 -- Cory McIntire <cory@cpanel.net>  Thu, 21 Nov 2024 00:00:00 -0000

ea-php83-php (8.3.13-2) stable; urgency=low

  * ZC-12246: Correct conffiles on Ubuntu

 -- Julian Brown <julian.brown@cpanel.net>  Fri, 25 Oct 2024 00:00:00 -0000

ea-php83-php (8.3.13-1) stable; urgency=low

  * EA-12497: Update ea-php83 from v8.3.12 to v8.3.13

 -- Cory McIntire <cory@cpanel.net>  Thu, 24 Oct 2024 00:00:00 -0000

ea-php83-php (8.3.12-1) stable; urgency=low

  * EA-12410: Update ea-php83 from v8.3.11 to v8.3.12
  * Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
  * Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
  * Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
  * Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)

 -- Cory McIntire <cory@cpanel.net>  Thu, 26 Sep 2024 00:00:00 -0000

ea-php83-php (8.3.11-1) stable; urgency=low

  * ZC-12149: Update from v8.3.10 to v8.3.11

 -- Julian Brown <julian.brown@cpanel.net>  Mon, 23 Sep 2024 00:00:00 -0000

ea-php83-php (8.3.10-2) stable; urgency=low

  * ZC-12153: make opcache INI a configfile for debs

 -- Dan Muey <dan@cpanel.net>  Thu, 05 Sep 2024 00:00:00 -0000

ea-php83-php (8.3.10-1) stable; urgency=low

  * EA-12305: Update ea-php83 from v8.3.9 to v8.3.10

 -- Cory McIntire <cory@cpanel.net>  Thu, 01 Aug 2024 00:00:00 -0000

ea-php83-php (8.3.9-1) stable; urgency=low

  * EA-12276: Update ea-php83 from v8.3.8 to v8.3.9

 -- Cory McIntire <cory@cpanel.net>  Tue, 09 Jul 2024 00:00:00 -0000

ea-php83-php (8.3.8-1) stable; urgency=low

  * EA-12193: Update ea-php83 from v8.3.7 to v8.3.8
  * Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
  * Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
  * Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
  * The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack

 -- Cory McIntire <cory@cpanel.net>  Thu, 06 Jun 2024 00:00:00 -0000

ea-php83-php (8.3.7-1) stable; urgency=low

  * EA-12145: Update ea-php83 from v8.3.6 to v8.3.7

 -- Dan Muey <dan@cpanel.net>  Tue, 04 Jun 2024 00:00:00 -0000

ea-php83-php (8.3.6-2) stable; urgency=low

  * ZC-11730: Add GD support for AVIF format on Ubuntu 22 and higher

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Thu, 11 Apr 2024 00:00:00 -0000

ea-php83-php (8.3.6-1) stable; urgency=low

  * EA-12086: Update ea-php83 from v8.3.4 to v8.3.6
  * Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
  * Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
  * Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
  * Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757)

 -- Cory McIntire <cory@cpanel.net>  Thu, 11 Apr 2024 00:00:00 -0000

ea-php83-php (8.3.4-2) stable; urgency=low

  * ZC-11561: Add GD support for AVIF format on RHEL 8 and newer (RHEL only)

 -- Brian Mendoza <brian.mendoza@cpanel.net>  Thu, 21 Mar 2024 00:00:00 -0000

ea-php83-php (8.3.4-1) stable; urgency=low

  * EA-12018: Update ea-php83 from v8.3.3 to v8.3.4

 -- Cory McIntire <cory@cpanel.net>  Thu, 14 Mar 2024 00:00:00 -0000

ea-php83-php (8.3.3-1) stable; urgency=low

  * EA-11978: Update ea-php83 from v8.3.2 to v8.3.3

 -- Cory McIntire <cory@cpanel.net>  Thu, 15 Feb 2024 00:00:00 -0000

ea-php83-php (8.3.2-1) stable; urgency=low

  * EA-11920: Update ea-php83 from v8.3.1 to v8.3.2

 -- Cory McIntire <cory@cpanel.net>  Thu, 18 Jan 2024 00:00:00 -0000

ea-php83-php (8.3.1-1) stable; urgency=low

  * EA-11894: Update ea-php83 from v8.3.0 to v8.3.1

 -- Cory McIntire <cory@cpanel.net>  Thu, 04 Jan 2024 00:00:00 -0000

ea-php83-php (8.3.0-4) stable; urgency=low

  * EA-10753: Have snmp module require 'snmp-mibs-downloader' for deb

 -- Travis Holloway <t.holloway@cpanel.net>  Mon, 18 Dec 2023 00:00:00 -0000

ea-php83-php (8.3.0-3) stable; urgency=low

  * ZC-11475: Build on CentOS 7

 -- Julian Brown <julian.brown@cpanel.net>  Thu, 14 Dec 2023 00:00:00 -0000

ea-php83-php (8.3.0-2) stable; urgency=low

  * ZC-11183, ZC-11175: Initial Build

 -- Julian Brown <julian.brown@cpanel.net>  Mon, 27 Nov 2023 00:00:00 -0000

