PHP in Version 5.2.1 veröffentlicht
Die PHP-Entwickler legten bei diesem Release ihren Fokus speziell auf Stabilität und Sicherheit von PHP, so wurden mit diesem Release über 180 Bugs und Sicherheitslücken beseitigt. Des Weitern wurde die Performence von PHP verbessert
Das komplette Changelog findet ihr HIER
Aus dem iBlog von Ilia Alshanetsky :
It took a bit longer then originally anticipated, but PHP 5.2.1 was finally released today. Big thanks to all the people who have helped make this release possible, by reporting bugs, identifying security issues and of course helping to resolve those issues and improving the language in general.
The focus of this release was making PHP 5.2 more stable and more secure. The complete shopping list of changes can be found here. The official release announcement can be found at http://www.php.net/releases/5_2_1.php, it details the major changes and all of the security fixes that have been made in this release.
Given the significant number of security issues that were resolved, my recommendation is that all users of PHP, especially those running really old versions (You know who you are) consider upgrading to this release as soon as possible. Not only will the security of your setup increase, but the stability and the performance of your PHP will improve as well.
Hier noch einige Sicherheitslücken und Bugfixes die mit Version 5.2.1 behoben wurden:
- Fixed possible safe_mode & open_basedir bypasses inside the session extension.
- Prevent search engines from indexing the phpinfo() page.
- Fixed a number of input processing bugs inside the filter extension.
- Fixed unserialize() abuse on 64 bit systems with certain input strings.
- Fixed possible overflows and stack corruptions in the session extension.
- Fixed an underflow inside the internal sapi_header_op() function.
- Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
- Fixed possible stack overflows inside zip, imap & sqlite extensions.
- Fixed several possible buffer overflows inside the stream filters.
- Fixed non-validated resource destruction inside the shmop extension.
- Fixed a possible overflow in the str_replace() function.
- Fixed possible clobbering of super-globals in several code paths.
- Fixed a possible information disclosure inside the wddx extension.
- Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
- Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
- Fixed a string format vulnerability inside the odbc_result_all() function.
- Memory limit is now enabled by default.
- Added internal heap protection.
- Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.
Tar-archive und Windows-Binaries findet ihr HIER.