onPHP5.com

PHP Version 5.2.1 Released


By dennisp on Saturday, 10 February 2007, 09:37

PHP version 5.2.1 has been released. This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible.


Quoting the announcement:

Security Enhancements and Fixes in PHP 5.2.1:

  • Fixed possible safe_mode & open_basedir bypasses inside the session extension.
  • Prevent search engines from indexing the phpinfo() page.
  • Fixed a number of input processing bugs inside the filter extension.
  • Fixed unserialize() abuse on 64 bit systems with certain input strings.
  • Fixed possible overflows and stack corruptions in the session extension.
  • Fixed an underflow inside the internal sapi_header_op() function.
  • Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
  • Fixed possible stack overflows inside zip, imap & sqlite extensions.
  • Fixed several possible buffer overflows inside the stream filters.
  • Fixed non-validated resource destruction inside the shmop extension.
  • Fixed a possible overflow in the str_replace() function.
  • Fixed possible clobbering of super-globals in several code paths.
  • Fixed a possible information disclosure inside the wddx extension.
  • Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
  • Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
  • Fixed a string format vulnerability inside the odbc_result_all() function.
  • Memory limit is now enabled by default.
  • Added internal heap protection.
  • Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version, to upgrade to the 5.2.1 release as soon as possible.

You can download this release here.
