PHP release 5.2.12
Security enhancements and fixes in PHP 5.2.12:
- Fixed the ability to bypass the limitations of the safe_mode configuration variable in the tempnam () function.
- Fixed the ability to bypass the limitations of the open_basedir configuration variable in the posix_mkfifo () function.
- Added configuration variable max_file_uploads, which sets a limit on the number of files downloaded per request up to 20 by default. This is to prevent denial of service attacks by creating an excessive number of temporary files.
- Added protection against damage to the $ _SESSION superglobal variable and improved verification of the session.save_path configuration variable.
- Bug fixed # 49785 (insufficient string check in the htmlspecialchars () function).
Key improvements in PHP 5.2.12 include:
- Fixed useless setitimer initialization when timeouts are disabled.
- Fixed crash in com_print_typeinfo function in case of typelib invalid.
- Fixed crash when calling the methods SQLiteDatabase :: ArrayQuery () and SQLiteDatabase :: SingleQuery () using the reflection mechanism.
- Crash when creating instances of the PDORow and PDOStatement classes through the reflection mechanism has been fixed.
- Fixed memory leak in openssl_pkcs12_export_to_file () function.
- Bug # 50207 (program crash when concatenating very large strings on 64-bit Linux) was fixed.
- Bug # 50162 (memory leak when retrieving a column value of type timestamp from an Oracle database) is fixed.
- Bug # 50006 (program crash when calling the uksort () function) was fixed.
- Bug # 50005 was fixed (throwing the modified exception object through the reflection mechanism caused the program to crash).
- Bug fixed # 49174 (crash when inheriting from the PDOStatement class and attempting to set the value of the queryString property).
- Bug # 499898 (crash of the program in case of mysqli extension error) is fixed.
- More than 50 other fixes.
A complete list of changes can be found in the Changelog