7.0.212017-07-06stable(Multiple [PATH=] and [HOST=] sections not properly parsed).74738(Undefined constants in array properties result in broken properties).74658Fixed misparsing of abstract unix domain socket names.(Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)74101CVE-2017-12934(Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)74111CVE-2017-12933(PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)74603CVE-2017-11628(wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)74819CVE-2017-11145(References to deleted XPath query results).69373(Buffer over-read into uninitialized memory). (CVE-2017-7890)74435CVE-2017-7890(Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)73473CVE-2017-11362(Wrong reflection on Collator::getSortKey and collator_get_sort_key).74705(grapheme_strpos illegal memory access).73634Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)CVE-2017-9224Add TAF callback (PR #2459).(Segfault with opcache.memory_protect and validate_timestamp).74663(negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)74651CVE-2017-11144(Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).74087Support Instant Client 12.2 in --with-pdo-oci configure option.(Segfault when cast Reflection object to string with undefined constant).74673(null coalescing operator failing with SplFixedArray).74478(Invalid Reflection signatures for random_bytes and random_int).74708(Heap buffer overflow in substr).73648(ftp:// wrapper ignores context arg).74598(Phar::__construct reflection incorrect).74386(Incorrect conversion array with WSDL_CACHE_MEMORY).74679(stream_socket_get_name() returns '\0').74556security