PHP 5.3.7 released, but the update contains a critical error.
On August 18, version 5.3.7 was announced.
August 22 announced Upgrade Warning which does not recommend the installation / upgrade of this version.
Briefly: when using the crypt () function for MD5 hashes, only salt is issued.
It turns out this is a very unpleasant thing:
The bug works only for MD5 (default algorithm in php), DES and BLOWFISH are not affected.
')
The developers promise to release version 5.3.8 with a bug fix for a few days.
Bug # 55439 crypt () returns only the salt for MD5
August 22 announced Upgrade Warning which does not recommend the installation / upgrade of this version.
Briefly: when using the crypt () function for MD5 hashes, only salt is issued.
It turns out this is a very unpleasant thing:
printf("MD5: %s\n", crypt('password', '$1$U7AjYB.O$'));
:
----------------
MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1
:
--------------
MD5: $1$U7AjYB.OThe bug works only for MD5 (default algorithm in php), DES and BLOWFISH are not affected.
')
The developers promise to release version 5.3.8 with a bug fix for a few days.
Bug # 55439 crypt () returns only the salt for MD5
Source: https://habr.com/ru/post/126857/
All Articles