Martes, 8 de enero de 2013
admin
The PHP development team announces the immediate availability of
PHP 5.4.7 and PHP 5.3.17. These releases fix over 20 bugs.
All users of PHP are encouraged to upgrade to PHP 5.4.7,
or at least 5.3.17.
Key enhancements in these releases include:
- Fixed bug #62955 (Only one directive is loaded from “Per Directory Values” Windows registry).
- Fixed bug #62460 (php binaries installed as binary.dSYM).
For source downloads of PHP 5.4.7 and PHP 5.3.17 please visit
our downloads page, Windows binaries
can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
Fuente: PHP 5.4.7 and PHP 5.3.17 released!
Martes, 8 de enero de 2013
admin
The PHP development team announces the immediate availability of
PHP 5.4.8 and PHP 5.3.18. These releases fix over 20 bugs.
All users of PHP are encouraged to upgrade to PHP 5.4.8,
or at least 5.3.18.
Key enhancements in these releases include:
- Fixed bug #63111 (is_callable() lies for abstract static method)
- Fixed bug #61442 (exception threw in __autoload can not be catched)
For source downloads of PHP 5.4.8 and PHP 5.3.18 please visit
our downloads page, Windows binaries
can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
Fuente: PHP 5.4.8 and PHP 5.3.18 released!
Categories: PHP Tags: bug, catched, changelog, exception, found, method, new php release, PHP, php.net frontpage news, recorded, releases, threw, visit, Windows, __autoload
Martes, 8 de enero de 2013
admin
The PHP development team announces the immediate availability of
PHP 5.5.0alpha1. This release marks the beginning of the PHP 5.5.0 release cycle.
All users of PHP are encouraged to test this version carefully,
and report any bugs in the bug tracking system.
THIS IS A DEVELOPMENT PREVIEW – DO NOT USE IT IN PRODUCTION!
PHP 5.5.0 Alpha 1 comes with new features such as (incomplete list) :
- support for Generators,
- a new password hashing API,
- support for finally in try/catch blocks
- support for list() in foreach,
- constant array/string dereferencing,
- ext/intl improvement.
We also dropped support for Windows XP and 2003.
You can read the full list of changes in the
NEWS file contained
in the release archive.
For source downloads of PHP 5.5.0 Alpha 1 please visit
the download page, Windows binaries
can be found on windows.php.net/qa/.
Thank you for helping us making PHP better.
Fuente: PHP 5.5.0 Alpha1 released
Categories: PHP Tags: alpha, array, constant, dereferencing, development, download, list, PHP, php.net frontpage news, string, support, Windows
Martes, 8 de enero de 2013
admin
The PHP development team announces the immediate availability of PHP 5.4.10 and PHP 5.3.20. These releases fix about 15 bugs. Please note that the PHP 5.3 series will enter an end of life cycle and receive only critical fixes as of March 2013. All users of PHP are encouraged to upgrade to PHP 5.4.
For source downloads of PHP 5.4.10 and PHP 5.3.20 please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
Fuente: PHP 5.4.10 and PHP 5.3.20 released!
Categories: PHP Tags: announces, availability, critical, development, fixes, march, net, new php release, php.net frontpage news, recorded, users, visit
Jueves, 14 de junio de 2012
admin
The PHP development team would like to announce the immediate
availability of PHP 5.3.9. This release focuses on improving the
stability of the PHP 5.3.x branch with over 90 bug fixes, some of
which are security related.
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing of invalid exif
header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
- Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
is_a and is_subclass_of).
- Fixed bug #55609 (mysqlnd cannot be built shared)
- Many changes to the FPM SAPI module
For a full list of changes in PHP 5.3.9, see the ChangeLog. For source downloads please visit
our downloads page, Windows binaries can be found
on windows.php.net/download/.
All users are strongly encouraged to upgrade to PHP 5.3.9.
Fuente: PHP 5.3.9 Released!
Jueves, 14 de junio de 2012
admin
The PHP development team would like to announce the immediate
availability of PHP 5.3.10. This release delivers a critical security
fix.
Security Fixes in PHP 5.3.10:
- Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830.
All users are strongly encouraged to upgrade to PHP 5.3.10.
For source downloads please visit
our downloads page, Windows binaries can be found
on windows.php.net/download/.
Fuente: PHP 5.3.10 Released!
Categories: PHP Tags: availability, cve, download, new php release, PHP, php.net frontpage news, reported, security, source, stefan, vulnerability
Jueves, 14 de junio de 2012
admin
Jueves, 14 de junio de 2012
admin
The PHP development team would like to announce the 2nd
release candidate of PHP 5.4.1.
Windows binaries can be downloaded from the
Windows QA site.
THIS IS A RELEASE CANDIDATE – DO NOT USE IT IN PRODUCTION!
This is the 2nd release candidate. The release candidate phase is
intended as a period of bug fixing prior to the stable release.
The release candidate fixes a critical issue when using the internal
classes in multiple threads.
A complete list of changes since the last release candidate can be
found in the
NEWS
file.
Please help us to identify
bugs in order to ensure that the release is solid and all things behave
as expected by taking the time to test this release candidate against
your code base and reporting any problems that you encounter to
the QA mailing list and/or
the PHP bug tracker.
PHP 5.4.1 final will be released on April 26.
Fuente: PHP 5.4.1RC2 Released for Testing
Categories: PHP Tags: bug, list, new php release, PHP, php.net frontpage news, release, released, solid, taking, tracker, Windows
Jueves, 14 de junio de 2012
admin
PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described
in CVE-2012-1823. It has also come to our attention that some sites use
an insecure cgiwrapper script to run PHP. These scripts will use $*
instead of “$@” to pass parameters to php-cgi which causes a number of
issues. Again, people using mod_php or php-fpm are not affected.
One way to address these CGI issues is to reject the request if the query string
contains a '-' and no '='. It can be done using Apache's mod_rewrite like this:
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|- [NC]
RewriteRule .? - [F,L]
Note that this will block otherwise safe requests like ?top-40 so if you
have query parameters that look like that, adjust your regex accordingly.
Another set of releases are planned for Tuesday, May, 8th. These
releases will fix the CGI flaw and another CGI-related issue in
apache_request_header (5.4 only).
We apologize for the inconvenience created with these releases and the
(lack of) communication around them.
Fuente: PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823)
Categories: PHP Tags: block, cgi, communication, created, flaw, inconvenience, note, php.net frontpage news, query, query_string, regex, releases, request, rewritecond, script
Jueves, 14 de junio de 2012
admin
The PHP development team would like to announce the immediate
availability of PHP 5.4.3 and PHP 5.3.13. All users are encouraged
to upgrade to PHP 5.4.3 or PHP 5.3.13
The releases complete a fix for a vulnerability
in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack.
PHP 5.4.3 fixes a buffer overflow vulnerability in the
apache_request_headers() (CVE-2012-2329).
The PHP 5.3 series is not vulnerable to this issue.
For source downloads of PHP 5.4.3 and PHP 5.3.13 please visit our downloads page,
Windows binaries can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
Fuente: PHP 5.4.3 and PHP 5.3.13 Released!