More tags »
Not logged in
PHP Version 5.2.3 Released
on Friday, 01 June 2007, 05:51
Views: 5878, comments: 0
PHP version 5.2.3 has been released. This release continues to improve the security and the stability of the 5.X branch and all users are strongly encouraged to upgrade.
Quoting the announcement:
The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release
Security Enhancements and Fixes in PHP 5.2.3:
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
The key improvements of PHP 5.2.3 include:
* Improved compilation of heredocs and interpolated strings.
* Optimized out a couple of per-request syscalls.
* Optimized digest generation in md5() and sha1() functions.
* Fixed bug #41236 (Regression in timeout handling of non-blocking SSL connections during reads and writes)
* Fixed bug #39542 (Behavior of require/include different to < 5.2.0)
* Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler)
* Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
* Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
* Fixed bug #41403 (json_decode cannot decode floats if localeconv decimal_point is not '.')
* Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults)
* Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty string keys).
Over 40 other bugs fixed.
The new release can be downloaded here. You might also be interested in the changelog.
PHP Version 5.2.2 (RC1) Released for Testing
PHP Version 5.2.4 Released
PHP Version 5.2.4 (RC1) Released for Testing
PHP Version 5.2.2 Released
PHP Version 5.2.1 Released
Symfony 1.0.4 Released
CodeIgniter 1.5.4 Released
Zend Framework 1.0.0 RC2 Released
Prado 3.1.0 Released
Zend Framework 1.0.0 RC3 Released
Zend Framework 1.0.1 Released
Zend Framework 1.0.0 Production Released
Symfony 1.0.5 Released
Symfony 1.0.6 Released
Learning PHP Data Objects
Exceptions in __autoload()
SimpleXML, DOM and Encodings
i18n with PHP5: Pitfalls
2008 PHP Quebec Conference Call for Papers
Most Important Feature of PHP 5?
PHP5 More Secure than PHP4
Zend Framework 1.0.0 RC1 Released
Prado 3.1.0 RC Released
Zend Platform 3.0 Released
Symfony 1.0 Released
Zend Framework 0.8.0 Released
Solar 0.26.0 Released
PHP Conference UK 2007 Registration Open
Zend Platform 3.0 Beta for Windows Released
Symfony 1.0 Beta 4 Released
International PHP Conference Call for Papers Announced
Solar 0.27.0 and 0.27.1 Released
Zend Core 2.0 Released
Zend Framework 0.9.3 Beta Released
Zend Core 2.0.1 for Oracle and IBM Released
Prado 3.1.0 Alpha Released
Symfony 1.0.2 Released
Prado 3.1.0 Beta Released
Zend Framework 0.9.0 Beta Released
Zend Framework 0.9.1 Beta Released
Prado 3.0.7 Released
Symfony 1.0.3 Released