PHP release 5.2.12

    The PHP development team announced the release of PHP 5.2.12. This release focuses on improving the reliability of the PHP 5.2.x branch and includes more than 60 fixes, some of which are security-related. All users of the PHP 5.2 branch are encouraged to upgrade to this version.

    Security enhancements and fixes in PHP 5.2.12:
    • Fixed a bypass of the safe_mode configuration restrictions in the tempnam() function.
    • Fixed a bypass of the open_basedir configuration restrictions in the posix_mkfifo() function.
    • Added the max_file_uploads configuration variable, which limits the number of files uploaded per request (20 by default). This prevents denial-of-service attacks that create an excessive number of temporary files.
    • Added protection against corruption of the $_SESSION superglobal variable and improved verification of the session.save_path configuration variable.
    • Fixed bug #49785 (insufficient string check in the htmlspecialchars() function).

    Key improvements in PHP 5.2.12 include:
    • Fixed useless setitimer initialization when timeouts are disabled.
    • Fixed a crash in the com_print_typeinfo function when the typelib is invalid.
    • Fixed a crash when calling the methods SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() using the reflection mechanism.
    • Fixed a crash when creating instances of the PDORow and PDOStatement classes through the reflection mechanism.
    • Fixed a memory leak in the openssl_pkcs12_export_to_file() function.
    • Fixed bug #50207 (crash when concatenating very large strings on 64-bit Linux).
    • Fixed bug #50162 (memory leak when retrieving a column value of type timestamp from an Oracle database).
    • Fixed bug #50006 (crash when calling the uksort() function).
    • Fixed bug #50005 (throwing a modified exception object through the reflection mechanism caused a crash).
    • Fixed bug #49174 (crash when inheriting from the PDOStatement class and attempting to set the value of the queryString property).
    • Fixed bug #499898 (crash in case of a mysqli extension error).
    • More than 50 other fixes.

    A complete list of changes can be found in the Changelog.
