PHP 5.2.8 Released

News, last technologies, release, services about the web and what is relative to it.
Post Reply
User avatar
Lakys
Site Admin
Site Admin
Posts: 5191
Joined: Sun Dec 12, 2004 3:30 am
Contact:

PHP 5.2.8 Released

Post by Lakys » Fri May 02, 2008 11:24 am

Ilia Alshanetsky wrote:The PHP development team would like to announce the immediate availability of PHP 5.2.6. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.6:

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
Key enhancements in PHP 5.2.6 include:

* Fixed two possible crashes inside the posix extension.
* Fixed bug #44069 (Huge memory usage with concatenation using .
instead of .=)
* Fixed bug #44141 (private parent constructor callable through static function).
* Fixed bug #43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug #43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug #42736 (xmlrpc_server_call_method() crashes).
* Fixed bug #42369 (Implicit conversion to string leaks memory).
* Fixed bug #41562 (SimpleXML memory issue).
* Over 120 bug fixes.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here (http://www.php.net/migration52), detailing the changes between those releases and PHP 5.2.6.
For a full list of changes in PHP 5.2.6, see the ChangeLog (http:// www.php.net/ChangeLog-5.php#5.2.6).

Ilia Alshanetsky
5.2 Release Master

User avatar
Lakys
Site Admin
Site Admin
Posts: 5191
Joined: Sun Dec 12, 2004 3:30 am
Contact:

PHP 5.2.8 Released

Post by Lakys » Tue Dec 09, 2008 12:40 pm

Here is a new quick release which replaces and cancels a broken 5.2.7.
Ilia Alshanetsky wrote: The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here (http://www.php.net/migration52), detailing the changes between those releases and PHP 5.2.8. For a full list of changes in PHP 5.2.8, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.8).

Ilia Alshanetsky
5.2 Release Master
For those who missed the previous announce here it is:
Ilia Alshanetsky wrote: The PHP development team would like to announce the immediate availability of PHP 5.2.7. This release focuses on improving the stability of the PHP 5.2.x branch with over 170 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.7:

* Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
* Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
* Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
* Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
* Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
* Fixed safe_mode related security issues detailed in CVE-2008-2665 and CVE-2008-2666.
* Crash with URI/file..php (filename contains 2 dots) (Fixes
CVE-2008-3660)
* IMAP toolkit crash: rfc822.c legacy routine buffer overflow. (Fixes
CVE-2008-2829)

Some of the key enhancements in PHP 5.2.7 include:

* Fixed several memory leaks inside the readline and sqlite extensions
* A number of corrections relating to date parsing inside the date extension
* Fixed bugs relating to data retrieval in the PDO extension
* A series of crashes in various areas of code were resolved
* Several corrections were made to the strip_tags() function in terms of < and <?XML handling
* A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
* Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
* Over 170 bug fixes.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here (http://www.php.net/migration52), detailing the changes between those releases and PHP 5.2.7. For a full list of changes in PHP 5.2.7, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.7).

Ilia Alshanetsky
5.2 Release Master

Post Reply

Return to “News on the web”