Wednesday, May 03, 2006

PHP 5.1.3 Release Announcement

The PHP development team is proud to announce the release of PHP 5.1.3. This release combines a small number of feature enhancements with a significant number of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

  • Disallow certain characters in session names.
  • Fixed a buffer overflow inside the wordwrap() function.
  • Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
  • Enforce safe_mode for the source parameter of the copy() function.
  • Fixed cross-site scripting inside the phpinfo() function.
  • Fixed offset/length parameter validation inside the substr_compare() function.
  • Fixed a heap corruption inside the session extension.
  • Fixed a bug that would allow a variable to survive unset().

The feature enhancements include the following notables:

  • The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
  • FastCGI interface was completely reimplemented.
  • A multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
  • Support for many additional date formats added to the strtotime() function.
  • A number of performance improvements added to the engine and the core extensions.
  • Added imap_savebody() that allows a message body to be written to a file.
  • Added lchown() and lchgrp() to change user/group ownership of symlinks.
  • Upgraded bundled PCRE library to version 6.6.

The release also includes over 120 bug fixes with a focus on:

  • Make auto_globals_jit work without too many INI changes.
  • Fixed tiger hash algorithm generating wrong results on big endian platforms.
  • Fixed a number of errors in the SOAP extension.
  • Fixed recursion handling in the serialize() functionality.
  • Make is_*() functions take account of open_basedir restrictions.
  • Fixed a number of crashes in the DOM and PDO extensions.
  • Addressed a number of regressions in the strtotime() function.
  • Make memory_limit work on Win32 systems.
  • Fixed a deadlock in the sqlite extension caused by the sqlite_fetch_column_types() function.
  • Fixed memory leaks in the realpath() cache.

For a full list of changes in PHP 5.1.3, see the ChangeLog.

