You are here: Support > Announcements > Upgrade: PHP 5.2.5 Please Login or Register

02/27/2008 00:00

Upgrade: PHP 5.2.5

(Edit) 6:46pm: Upgrade complete!

PHP will be upgraded to version 5.2.5 this evening.

Security Enhancements and Fixes in PHP 5.2.5:

  • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
  • Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
  • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
  • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
  • Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
  • Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
  • Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

Key enhancements in PHP 5.2.5 include:

  • Upgraded PCRE to version 7.3
  • Updated timezone database to version 2007.9
  • Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
  • Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
  • Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
  • Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax)
  • Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23)
  • Over 60 bug fixes.

For a full list of changes in PHP 5.2.5, see the ChangeLog.

<< Back

View RSS Feed

Powered by WHMCompleteSolution