Security enhancements and fixes:
- Enforce security in the fastcgi protocol parsing with fpm SAPI.
- Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
- Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
- Fixed bug #54055 (buffer overrun for precision ini setting).
- Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
- Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)
Key improvements:
- Upgraded bundled Sqlite3 to version 3.7.4.
- Upgraded bundled PCRE to version 8.11.
- Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization.
- Added options to debug backtrace functions.
- Changed default value of ini directive serialize_precision from 100 to 17.
- Fixed bug #53971 (isset() and empty() produce apparently spurious runtime error).
- Fixed bug #53958 (Closures can't 'use' shared variables by value and by reference).
- Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash).
- More than 60 other fixes.
Windows users: Please note that builds created using Visual Studio C++ 6 are no longer supported. It is not possible to maintain the high quality and security of PHP for Windows using a compiler that is no longer being developed.
For Apache SAPI (php5_apache2_2.dll), make sure that you are using a version of Apache compiled with Visual Studio C++ 9. Builds from ApacheLounge are recommended. For any other SAPI (CLI, FastCGI mod_fcgi, FastCGI with IIS or another FastCGI server), everything works as before. Developers of third-party extensions should rebuild their extensions so that they are compatible with Visual Studio C++ 9.
Full list of changes here.
You can download it here.