join in here
RSS

php

Minggu, Januari 16, 2011 |

PHP 5.3.5 and 5.2.17 Released!

 affected by running this script from the
ged to upgrade to 5.2.16 or 5.3.4.
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.16 see the ChangeLog at http://www.php.net/Ch
[06-Jan-2011]
The PHP development team would like to announce the immediate availability of PHP 5.3.5 and 5.2.17.
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is
command line.
All users of PHP are strongly advised to update to these versions immediately.

PHP 5.2.16 Released!

The PHP development team would like to announce the immediate av16-Dec-2010]
ailability of PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on addressing a regression in open_basedir implementation introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data retrieval when the server is down. All users who have upgraded to 5.2.15 and are utilizing open_basedir are strongly encoura

PHP 5.3.4 Released!

[10-Dec-2010]
The PHP development team is proud to announce the immediate release of PHP 5.3.4. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.4:
  • Fixed crash in zip extract method (possible CWE-170).
  • Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
  • Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
  • Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
  • Fixed possible flaw in open_basedir (CVE-2010-3436).
  • Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
  • Fixed symbolic resolution support when the target is a DFS share.
  • Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
  • Added stat support for zip stream.
  • Added follow_location (enabled by default) option for the http stream support.
  • Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
  • Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
  • Multiple improvements to the FPM SAPI.
  • Over 100 other bug fixes.
For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.
For a full list of changes in PHP 5.3.4, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/

PHP 5.2.15 Released!

[09-Dec-2010]
The PHP development team would like to announce the immediate availability of PHP 5.2.15. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on improving the security and stability of the PHP 5.2.x branch with a small number, of predominatly security fixes.
Security Enhancements and Fixes in PHP 5.2.15:
  • Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
  • Fixed crash in zip extract method (possible CWE-170).
  • Fixed a possible double free in imap extension.
  • Fixed possible flaw in open_basedir (CVE-2010-3436).
  • Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
  • Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).
Key enhancements in PHP 5.2.15 include:
  • Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
  • Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.15 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.15.

PHP 5.3.3 Released!

[22-Jul-2010]
The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.
Backwards incompatible change:
  • Methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. This change doesn't affect non-namespaced classes. <?php
    namespace Foo;
    class Bar {
        public function Bar() {
            // treated as constructor in PHP 5.3.0-5.3.2
            // treated as regular method in PHP 5.3.3
        }
    }
    ?>
    There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.
Security Enhancements and Fixes in PHP 5.3.3:
  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  • Fixed a possible resource destruction issues in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.




  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS
Diposting oleh new

0 komentar:

Posting Komentar

terimakasih

Langganan: Posting Komentar (Atom)
anjing hlhlh lhl;hlh; ;h;lhlhl; jj;