VSI-AXPVMS-PERL528-V0528-1-1-RELNOTE.PDF

Perl v5.28.1 is a maintenance release that addresses issues found in v5.28.0, primarily focusing on security vulnerabilities and bug fixes.

Key highlights include:

• Security Fixes: Two critical vulnerabilities were patched:

  • [CVE-2018-18311] An integer overflow in Perl_my_setenv() that could lead to a buffer overflow and segmentation fault when handling environment variables.
  • [CVE-2018-18312] A heap-buffer-overflow write in S_regatom (during regular expression compilation) that could allow arbitrary code execution via crafted regexes.

• No Incompatible Changes: The release explicitly states there are no changes intentionally incompatible with Perl 5.28.0.

• Selected Bug Fixes: Several issues were resolved, including:

  • An index() optimization incorrectly triggering warnings in when clauses.
  • Incorrect matching of decimal digits in script runs (e.g., 1\N{THAI DIGIT FIVE} matching (*sr:\d+)).
  • A directory handle leak in the new in-place editing code.

• Module Update: Module::CoreList was upgraded to version 5.20181129_28.

This release represents approximately five months of development, incorporating about 6,100 lines of changes across 44 files from 12 authors. Users upgrading from versions earlier than 5.28.0 are advised to first review the perl5280delta document.