-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The PHP development team would like to announce the immediate  
availability of PHP 5.2.1. This release is a major stability and  
security enhancement of the 5.X branch, and all users are strongly  
encouraged to upgrade to it as soon as possible.

Security Enhancements and Fixes in PHP 5.2.1:

* Fixed possible safe_mode & open_basedir bypasses inside the session  
extension.
* Prevent searchs engine from indexing the phpinfo() page.
* Fixed a number of input processing bugs inside the filter extension.
* Fixed unserialize() abuse on 64 bit systems with certain input  
strings.
* Fixed possible overflows and stack corruptions in the session  
extension.
* Fixed an underflow inside the internal sapi_header_op() function.
* Fixed allocation bugs caused by attempts to allocate negative  
values in some code paths.
* Fixed possible stack overflows inside zip, imap & sqlite extensions.
* Fixed several possible buffer overflows inside the stream filters.
* Fixed non-validated resource destruction inside the shmop extension.
* Fixed a possible overflow in the str_replace() function.
* Fixed possible clobbering of super-globals in several code paths.
* Fixed a possible information disclosure inside the wddx extension.
* Fixed a possible string format vulnerability in *print() functions  
on 64 bit systems.
* Fixed a possible buffer overflow inside mail() and ibase_ 
{delete,add,modify}_user() functions.
* Fixed a string format vulnerability inside the odbc_result_all()  
function.
* Memory limit is now enabled by default.
* Added internal heap protection.
* Extended filter extension support for $_SERVER in CGI and apache2  
SAPIs.
The majority of the security vulnerabilities discovered and resolved  
can in most cases be only abused by local users and cannot be  
triggered remotely. However, some of the above issues can be  
triggered remotely in certain situations, or exploited by malicious  
local users on shared hosting setups utilizing PHP as an Apache  
module. Therefore, we strongly advise all users of PHP, regardless of  
the version to upgrade to 5.2.1 release as soon as possible. PHP  
4.4.5 with equivalent security corrections will be available shortly.

The key improvements of PHP 5.2.1 include:

* Several performance improvements in the engine, streams API and  
some Windows specific optimizations.
* PDO_MySQL now uses buffered queries by default and emulates  
prepared statements to bypass limitations of MySQL's prepared  
statement API.
* Many improvements and enhancements to the filter and zip extensions.
* Memory limit is now always enabled, this includes Windows builds,  
with a default limit of 128 megabytes.
* Added several performance optimizations using faster Win32 APIs  
(this change means that PHP no longer supports Windows 98).
* FastCGI speed optimized build of PHP for Windows made available for  
downloading.
* Over 180 bug fixes.
For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is  
available at http://www.php.net/UPDATE_5_2.txt, detailing the changes  
between those releases and PHP 5.2.1.

For a full list of changes in PHP 5.2.1, see the ChangeLog (http:// 
www.php.net/ChangeLog-5.php#5.2.1).


Ilia Alshanetsky
PHP 5.2 Release Master
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFy855LKekh381/CERAt9WAKCathnXwfnCVpxJW3d9/oTzT3TRkwCglIrf
xvRWrYoU2Z0RRLexOL0c8x0=
=rxtJ
-----END PGP SIGNATURE-----

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php