PHP 5.1.3

di Gianni Tomasicchio - 3 maggio 2006

php.gif Disponibile una nuova release di PHP 5, orientata principalmente alla correzione di diversi bachi (più di 120) e problemi di sicurezza. Migliorate anche alcune funzionalità del linguaggio, aggiornata l'estensione PCRE, reimplementata l'interfaccia FastCGI ed apportati diversi interventi per l'aumento delle performance dello Zend engine.

Per il dettaglio sui cambiamenti apportati da questa release è possibile consultare il changelog.

Ecco l'annuncio ufficiale:

The PHP development team is proud to announce the release of PHP 5.1.3. This release combines small number of feature enhancements with a significant amount of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

  • Disallow certain characters in session names.
  • Fixed a buffer overflow inside the wordwrap() function.
  • Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
  • Enforce safe_mode for the source parameter of the copy() function.
  • Fixed cross-site scripting inside the phpinfo() function.
  • Fixed offset/length parameter validation inside the substr_compare() function.
  • Fixed a heap corruption inside the session extension.
  • Fixed a bug that would allow variable to survive unset().

The feature enhancements include the following notables:

  • The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
  • FastCGI interface was completely reimplemented.
  • Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
  • Support for many additional date formats added to the strtotime() function.
  • A number of performance improvements added to the engine and the core extensions.
  • Added imap_savebody() that allows message body to be written to a file.
  • Added lchown() and lchgrp() to change user/group ownership of symlinks.
  • Upgraded bundled PCRE library to version 6.6

The release also includes over 120 bug fixes with a focus on:

  • Make auto_globals_jit work without too many INI changes.
  • Fixed tiger hash algorithm generating wrong results on big endian platforms.
  • Fixed a number of errors in the SOAP extension.
  • Fixed recursion handling in the serialize() functionality.
  • Make is_*() function account of open_basedir restrictions.
  • Fixed a number of crashes in the DOM and PDO extensions.
  • Addressed a number of regressions in the strtotime() function.
  • Make memory_limit work in Win32 systems.
  • Fixed a deadlock in the sqlite extension caused by the sqlite_fetch_column_types() function.
  • Fixed memory leaks in the realpath() cache.
Effettua l'accesso o registrati per inserire un commento