The PHP development team announces the release of updates for branches 5.3 and 5.2.
PHP 5.3.4
Security Enhancements and Fixes in PHP 5.3.4:
Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support for the DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
Added stat support for zip stream.
Added follow_location (enabled by default) option for the http stream support.
Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
Implemented FR #52348, added new ZEND_MULTIBYTE to detect zend multibyte at runtime.
Multiple improvements to the FPM SAPI.
Over 100 other fixes.
For users upgrading from PHP 5.2, a migration guide is available that details the process of migrating applications to PHP 5.3.
For a complete list of changes in PHP 5.3.4, see the changelog.
PHP 5.2.15
The release of update 5.2.15 means the end of support for branch 5.2. All PHP 5.2 users are encouraged to upgrade to PHP 5.3.
Security Enhancements and Fixes in PHP 5.2.15:
Fixed extract() to not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
Fixed crash in zip extract method (possible CWE-170).
Fixed a possible double free in imap extension.
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).
Key enhancements in PHP 5.2.15 include:
Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
For a complete list of changes in PHP 5.2.15, see the changelog.