Search results matching tag 'release'

PHP 5.2.11 released!

pierrejoye — Fri, 18 Sep 2009 07:24:38 GMT

The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.11:

Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
Added missing sanity checks around exif processing. (Ilia)
Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)

Further details about the PHP 5.2.11 release can be found in the release announcement, and the full list of changes are available in the ChangeLog

On windows the libcurl library has been updated to its latest version which fix the following flaw http://curl.haxx.se/docs/adv_20090812.html. The libcurl is used only by the cURL functions.

5.2.9-2 released

pierrejoye — Wed, 08 Apr 2009 09:10:37 GMT

The PHP Development Team would like to announce the availability of a new Windows build for PHP - PHP 5.2.9-2

This release focuses on fixing security flaws in the included OpenSSL library (CVE-2009-0590, CVE-2009-0591 and CVE-2009-0789). The security advisory is available here.

The OpenSSL library has been updated to 0.9.8k, which includes fixes for these flaws.

Note: Only the Windows binaries are affected. There are no changes to the PHP sources, therefore no source releases are necessary.

Binaries are available in our downloads page

PHP 5.3.0RC1 is out!

pierrejoye — Wed, 25 Mar 2009 14:52:06 GMT

The PHP development team is proud to announce the availability of the first release candidate of PHP 5.3.0 (PHP 5.3.0RC1). This release marks the final phase in a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements.

The key features of the PHP 5.3 branch include:

Support for namespaces
Under the hood performance improvements
Late static binding
Lambda functions and closures
Syntax additions: NOWDOC, limited GOTO, ternary short cut "?:" and __callStatic()
Optional garbage collection for cyclic references
Optional mysqlnd PHP native replacement for libmysql
Improved windows support including VC6 and VC9 binaries
More consistent float rounding
Deprecation notices are now handle via E_DEPRECATED (part of E_ALL) instead of the E_STRICT error level
Several enhancements to enable more flexiblity in php.ini (and ini parsing in general)
New bundled extensions: ext/phar, ext/intl, ext/fileinfo, ext/sqlite3, ext/enchant
Countless bug fixes and improvements to existing extensions in particular to: ext/openssl, ext/spl and ext/date

This release also drops several extensions and unifies usage of internal APIs. Users should be aware of the following known backwards compatibility breaks:

Parameter parsing API unification will cause some functions to behave more or less strict when it comes to type juggling
Removed the following extensions: ext/mhash (see ext/hash), ext/msql, ext/pspell (see ext/enchant), ext/sybase (see ext/sybase_ct)
Moved the following extensions to PECL: ext/ming, ext/fbsql, ext/ncurses, ext/fdf
Removed zend.ze1_compatibility_mode
See the upgrading guide for other minor changes

All users of PHP, especially those using earlier PHP 5 releases are advised to test this release as the final release of PHP 5.3.0 will eventually obsolete the 5.2 branch of PHP.

For users upgrading from previous PHP 5 releases there is an upgrading guide available here, detailing the changes between those releases and PHP 5.3.0.

Please also note that we are aware of issues surrounding float/integer handling in some edge cases (some of which have been introduced in PHP 5.2.0), as well as a crash bug in NSAPI, that will be fixed in PHP 5.3.0RC2. These issues however do not prevent wide spread testing of PHP 5.3.0RC1 as users can now rely on the feature set and implementation decisions no longer being changed.

For a full list of changes in PHP 5.3.0, see the CVS NEWS file.

PHP 5.2.9-1 released! cURL security fix

pierrejoye — Sat, 14 Mar 2009 17:15:57 GMT

The PHP Development Team would like to announce the availability of a new Windows build of PHP - PHP 5.2.9-1

This release focuses on fixing a security flaw introduced by the cURL library (CVE-2009-0037). Please see the following for a full description: http://curl.haxx.se/docs/adv_20090303.html

Please note that the affected features are disabled when open_basedir or safe_mode are enabled.

Note: Only the Windows packages are affected and no change in PHP sources has been made.

Binaries are available in our downloads page

PHP 5.2.9 released!

pierrejoye — Fri, 27 Feb 2009 00:32:05 GMT

The PHP development team would like to announce the immediateavailability of PHP 5.2.9. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 50 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.9:

Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
Fixed explode() behavior with empty string to respect negative limit. (Shire)
Fixed a segfault when malformed string is passed to json_decode(). (Scott)

Further details about the PHP 5.2.9 can be found in the release announcement for 5.2.9 the full list of changes is available in the ChangeLog for PHP 5.