php

PHP 5.4.10 is now available for download.What’s new in this release?

Fixes:

Segfault in gc_collect_cycles
parse_ini_file() with INI_SCANNER_RAW removes quotes from value
wrong called method as callback with inheritance
config.guess file does not have AIX 7 defined, shared objects are not created
Crasher in tt-rss backend.php
ob_start callback gets passed empty string
Poor date() performance
Datetime::format(‘u’) sometimes wrong by 1 microsecond
DISABLE_AUTHENTICATOR ignores array
use php_next_utf8_char and remove duplicate implementation
missing header

(more…)

PHP 5.4.9 is now available for download.What’s new in this release?

Fixes:
zend_mm_heap corrupted with traits
((un)serialize leaves dangling pointers, causes crashes
PHP fails to open Windows deduplicated files
Handle leak in is_readable on windows
Curl silently accepts boolean true for SSL_VERIFYHOST
Load multiple magic files from a directory under Windows
Missing context check on libxml_set_streams_context causes memleak
max_input_vars doesn’t filter variables when mbstring.encoding_translation = On
Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro
Corruption of hash tables
Segfault in zend_gc with SF2 testsuite
Upgrade PCRE to 8.31
buffer overflow in use of SQLGetDiagRec
Emulate prepares behave strangely with PARAM_BOOL
Phar fails to write an openssl based signature
stream_get_line return contains delimiter string
ReflectionClass::getTraitAliases incorrectly resolves traitnames
(more…)

PHP 5.4.8 is now available for download.What’s new in this release?

Changed response to unknown HTTP method to 501 according to RFC.
Support HTTP PATCH method.
Added optional second argument for assert() to specify custom message.
Support building PHP with the native client toolchain.
Added –offline option for tests.
(more…)

PHP 5.4.7 is now available for download.This release fixes over 20 bugs. What’s new in this release?

Fixes:

segfault while build with zts and GOTO vm-kind
Only one directive is loaded from “Per Directory Values” Windows registry
parse_url() does not recognize //
stdint.h included on platform where HAVE_STDINT_H is not set
register_shutdown_function and extending class
Calling exit() in a shutdown function does not return the exit value
dangling pointers made by zend_disable_class
munmap() is called with the incorrect length
Segfault when using traits a lot
implementing __toString and a cast to string fails
Fatal error raised by var_export() not caught by error handler
Stat and Dir stream wrapper methods do not call constructor
(more…)

PHP 5.4.6 is now available for download.This release fixes over 20 bugs.What’s new in this release?

Fixes:

readline extension compilation fails with sapi/cli/cli.h: No such file.
Allow access to name of constant used as default value
Get namespaces from current node
ArrayIterator::count() from IteratorIterator instance gives Segmentation fault
ArrayIterator gives misleading notice on next() when moved to the end
segfault in php_stream_wrapper_log_error with ZTS build
ob_gzhandler always conflicts with zlib.output_compression
(more…)

PHP 5.4.5 is now available for download.This release fixes over 30 bugs.What’s new in this release?

Fixes:

Crypt SHA256/512 Segfaults With Malformed Salt
ReflectionMethod random corrupt memory on high concurrent
serialize() generates wrong reference to the object
compile failure: (S) Arguments missing for built-in function __memcmp
Using traits with method aliases appears to result in crash during execution
parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon
potential overflow in _php_stream_scandir
information leak in ext exi
php-fpm segfaults (null passed to strstr)
Add process.priority to set nice(2) priorities
when using unix sockets, multiples FPM instances
php-fpm exits with status 0 on some failures to start
Unable to cross-compile PHP with –enable-fpm
php-fpm is not allowed to run as root
php-fpm should not fail with commented ‘user’
FPM drops connection while receiving some binary values in FastCGI requests
fpm don’t send error log to fastcgi clients). (fat) for non-root start
FPM pools can listen on the same address). (fat) can be launched without errors
Erealloc in iconv.c unsafe
(more…)

PHP 5.4.4 is now available for download.The release fixes multiple security issues (over 30 bugs).

Implemented FR -Need CLI web-server support for files with .htm & svg extensions
Improved performance while sending error page
Fixed functions related to current script failed when chdir() in cli sapi
Fixed missing bound check in iptcparse()
Fixed CURLOPT_COOKIEFILE ” raises open_basedir restriction
Fixed json_encode() incorrectly truncates/discards information
(more…)

PHP 5.4.3 is now available for download.

Fixed Buffer Overflow in apache_request_headers (mod_php and php-fpm are not vulnerable to this attack)
Fixed Improve fix for PHP-CGI query string parameter vulnerability (PHP 5.3 series is not vulnerable to  this issue)
(more…)

PHP 5.4.2 is now available for download.
Fixed PHP-CGI query string parameter vulnerability.(unnoticed for at least 8 years).If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not.
(more…)

PHP 5.4.0 is now available for download.what’s new in this version?

New language syntax including Traits, shortened array syntax
Improved performance and reduced memory consumption
Support for multibyte languages now available in all builds of PHP at the flip of a runtime switch
Built-in webserver in CLI mode to simplify development workflows and testing
Cleaner code base thanks to the removal of multiple deprecated language features
Many more improvements and fixes

(more…)