Команда разработки PHP сообщает о выпуске обновлений для веток 5.3 и 5.2.
Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
Added stat support for zip stream.
Added follow_location (enabled by default) option for the http stream support.
Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
Multiple improvements to the FPM SAPI.
Over 100 other bug fixes.
Для пользователей, который обновляются с PHP 5.2 доступно руководство по миграции, детально описывающее процесс переноса приложений на PHP 5.3.
Полный список изменений в PHP 5.3.4 смотрите в ченжлоге.
Скачать в виде исходного ко��а
Скачать бинарники для Windows
Выход обновления 5.2.15 означает окончание поддержки ветки 5.2. Всем пользователям PHP 5.2 рекомендуется обновиться до PHP 5.3.
Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
Fixed crash in zip extract method (possible CWE-170).
Fixed a possible double free in imap extension.
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).
Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
Полный список изменений в PHP 5.2.15 смотрите в ченжлоге.
PHP 5.3.4
Security Enhancements and Fixes in PHP 5.3.4:
Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
Added stat support for zip stream.
Added follow_location (enabled by default) option for the http stream support.
Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
Multiple improvements to the FPM SAPI.
Over 100 other bug fixes.
Для пользователей, который обновляются с PHP 5.2 доступно руководство по миграции, детально описывающее процесс переноса приложений на PHP 5.3.
Полный список изменений в PHP 5.3.4 смотрите в ченжлоге.
Скачать в виде исходного ко��а
Скачать бинарники для Windows
PHP 5.2.15
Выход обновления 5.2.15 означает окончание поддержки ветки 5.2. Всем пользователям PHP 5.2 рекомендуется обновиться до PHP 5.3.
Security Enhancements and Fixes in PHP 5.2.15:
Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
Fixed crash in zip extract method (possible CWE-170).
Fixed a possible double free in imap extension.
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).
Key enhancements in PHP 5.2.15 include:
Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
Полный список изменений в PHP 5.2.15 смотрите в ченжлоге.
