PHP.net news & announcements
|
|
-
PHP 5.3.4 Released!
The PHP development team is proud to announce the immediate release of PHP
5.3.4. This is a maintenance release in the 5.3 series, which includes a
large number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.4:
- Fixed crash in zip extract method (possible CWE-170).
- Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
- Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150).
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709).
- Fixed possible flaw in open_basedir (CVE-2010-3436).
- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
- Fixed symbolic resolution support when the target is a DFS share.
- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
- Added stat support for zip stream.
- Added follow_location (enabled by default) option for the http stream
support.
- Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
- Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime.
- Multiple improvements to the FPM SAPI.
- Over 100 other bug fixes.
For users upgrading from PHP 5.2 there is a migration guide
available here, detailing
the changes between those releases and PHP 5.3.
For a full list of changes in PHP 5.3.4, see the
ChangeLog. For source downloads
please visit our downloads page, Windows
binaries can be found on windows.php.net/download/.
-
PHP 5.2.15 Released!
The PHP development team would like to announce the immediate
availability of PHP 5.2.15. This release marks the end of support
for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on improving the security and stability of the
PHP 5.2.x branch with a small number, of predominatly security fixes.
Security Enhancements and Fixes in PHP 5.2.15:
- Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
- Fixed crash in zip extract method (possible CWE-170).
- Fixed a possible double free in imap extension.
- Fixed possible flaw in open_basedir (CVE-2010-3436).
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).
Key enhancements in PHP 5.2.15 include:
- Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
- Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
migration guide available on http://php.net/migration53, details the changes between
PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.15 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.15.
-
Confoo
-
PHP'n Rio 10
-
Zend / PHP Conference
The 6th Annual Zend/PHP Conference will bring together PHP developers and
IT managers from around the world to discuss PHP best practices and explore
new technologies.
At ZendCon, you'll learn from a variety of technical sessions in 9 tracks,
renowned speakers, in-depth tutorials, an Exhibit Hall featuring industry
leaders and unique networking opportunities.
-
Learn PHP best practices for architecture, design and development
-
Discover new advances in the PHP language and how to best harness them
-
Gain insights from peers, PHP luminaries, community members and
thought-leaders
-
Discover how to deploy and scale large PHP applications
-
Explore new technologies like NoSQL and Cloud Computing
-
Learn how to effectively leverage Zend Framework and the changes coming
in Zend Framework 2.0
Register now so you don't miss out on the most popular tutorials and
savings. And join us at the 2010 Zend/PHP Conference - the largest
gathering of the PHP community!
|