[ANNOUNCE] PHP 5.2.3 Released :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming

MyASPN >> Mail Archive >> php-announce

php-announce

[ANNOUNCE] PHP 5.2.3 Released
by Ilia Alshanetsky other posts by this author
May 31 2007 4:44PM messages near this date

confirm subscribe to php-announce@lists.php.net | [ANNOUNCE] PHP 5.2.2 and PHP 4.4.7 Released!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The PHP development team would like to announce the immediate  
availability of PHP 5.2.3. This release continues to improve the  
security and the stability of the 5.X branch as well as addressing  
two regressions introduced by the previous 5.2 releases. These  
regressions relate to the timeout handling over non-blocking SSL  
connections and the lack of HTTP_RAW_POST_DATA in certain conditions.  
All users are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.3
- ----------------------------------------------------------------

     * Fixed an integer overflow inside chunk_split() (by Gerhard  
Wagner, CVE-2007-2872)
     * Fixed possible infinite loop in imagecreatefrompng. (by Xavier  
Roche, CVE-2007-2756)
     * Fixed ext/filter Email Validation Vulnerability (MOPB-45 by  
Stefan Esser, CVE-2007-1900)
     * Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath 
()) (by bugs dot php dot net at chsc dot dk)
     * Improved fix for CVE-2007-1887 to work with non-bundled  
sqlite2 lib.
     * Added mysql_set_charset() to allow runtime altering of  
connection encoding.

The Key Improvements of PHP 5.2.3 Include
- ------------------------------------------------------------

     * Improved compilation of heredocs and interpolated strings.
     * Optimized out a couple of per-request syscalls.
     * Optimized digest generation in md5() and sha1() functions.

     * Fixed bug #41236 (Regression in timeout handling of non- 
blocking SSL connections during reads and writes)
     * Fixed bug #39542 (Behavior of require/include different to <  
5.2.0)
     * Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when  
there is no default post handler)
     * Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
     * Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid  
input)
     * Fixed bug #41403 (json_decode cannot decode floats if  
localeconv decimal_point is not '.')
     * Fixed bug #41421 (Uncaught exception from a stream wrapper  
segfaults)
     * Fixed bug #41504 (json_decode() incorrectly decodes JSON  
arrays with empty string keys).
     * Over 40 bug fixes.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is  
available here (http://www.php.net/migration52), detailing the  
changes between those releases and PHP 5.2.3.

For a full list of changes in PHP 5.2.3, see the ChangeLog (http:// 
www.php.net/ChangeLog-5.php#5.2.3).


Ilia Alshanetsky
5.2 Release Master



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGX1X8LKekh381/CERAjBxAKCXXcyFfACKzNIvFaSwqrQiljO4agCgnfgZ
wntxoge1BS5hpodTIoeP6EA=
=maBZ
-----END PGP SIGNATURE-----

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php