The PHP development team announced the release of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch and adds over 60 fixes, some of which are security-related. All users of PHP 5.2 are encouraged to upgrade to this version.
Security enhancements and fixes in PHP 5.2.12:
Fixed a bypass of the safe_mode configuration restriction in the tempnam() function.
Fixed a bypass of the open_basedir configuration restriction in the posix_mkfifo() function.
Added the max_file_uploads configuration variable, which limits the number of files uploaded per request (20 by default). This prevents denial-of-service attacks that work by creating an excessive number of temporary files.
Added protection against corruption of the $_SESSION superglobal and improved validation of the session.save_path configuration variable.
Fixed bug #49785 (insufficient string checking in the htmlspecialchars() function).
Key improvements in PHP 5.2.12 include:
Fixed unnecessary initialization of setitimer when timeouts are disabled.
Fixed a crash in the com_print_typeinfo function when an incorrect typelib is specified.
Fixed a crash when calling the SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() methods through reflection.
Fixed a crash when creating instances of the PDORow and PDOStatement classes through reflection.
Fixed a memory leak in the openssl_pkcs12_export_to_file() function.
Fixed bug #50207 (crash when concatenating very large strings on 64-bit Linux).
Fixed bug #50162 (memory leak when retrieving the value of a timestamp column from an Oracle database).
Fixed bug #50006 (crash when calling the uksort() function).
Fixed bug #50005 (throwing an exception object that was modified through reflection caused a crash).
Fixed bug #49174 (crash when inheriting from the PDOStatement class and trying to set the value of the queryString property).
Fixed bug #49098 (crash when the mysqli extension encounters an error).