PHP Changelog

New in version 5.4.23

December 14th, 2013
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string).
  • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • JSON:
  • Fixed whitespace part of #64874 ("json_decode handles whitespace and case-sensitivity incorrectly").
  • MySQLi:
  • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
  • mysqlnd:
  • Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i').
  • Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query).
  • OpenSSL:
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
  • PDO:
  • Fixed bug #65946 (sql_parser permanently converts values bound to strings).

New in version 5.4.22 (November 15th, 2013)

  • Core:
  • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • CLI server:
  • Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding).
  • Exif:
  • Fixed crash on unknown encoding.
  • FTP:
  • Fixed bug #65667 (ftp_nb_continue produces segfault).
  • ODBC:
  • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
  • Sockets:
  • Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
  • Standard:
  • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).
  • XMLReader:
  • Fixed bug #51936 (Crash with clone XMLReader).
  • Fixed bug #64230 (XMLReader does not suppress errors).

New in version 5.4.21 (October 30th, 2013)

  • Core:
  • Fixed bug #65322 (compile time errors won't trigger auto loading).
  • CLI server:
  • Fixed bug #65633 (built-in server treat some http headers as case-sensitive).
  • Datetime:
  • Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message).
  • DBA extension:
  • Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write).
  • Filter:
  • Add RFC 6598 IPs to reserved addresses.
  • Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
  • IMAP:
  • Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
  • Standard:
  • Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http).
  • Build system:
  • Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())).

New in version 5.4.20 (September 20th, 2013)

  • Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
  • Fixed bug #65579 (Using traits with get_class_methods causes segfault).
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
  • Fixed bug #65481 (shutdown segfault due to serialize).
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
  • Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference fails).
  • Fixed bug #65304 (Use of max int in array_sum).
  • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case).
  • Fixed bug #65225 (PHP_BINARY incorrectly set).
  • Improved fix for bug #63186 (compile failure on netbsd).
  • Fixed bug #62692 (PHP fails to build with DTrace).
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
  • Fixed bug #61345 (CGI mode - make install don't work).
  • Cherry-picked some DTrace build commits (allowing builds on Linux, bug #62691 and bug #63706) from PHP 5.5 branch.
  • Fixed bug #61268 (--enable-dtrace leads make to clobber Zend/zend_dtrace.d)
  • cURL:
  • Fixed bug #65458 (curl memory leak).
  • Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters)
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer)
  • Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
  • Session:
  • Fixed bug #62129 (rfc1867 crashes php even though turned off).
  • Fixed bug #50308 (session id not appended properly for empty anchor tags).
  • Fixed possible buffer overflow under Windows. Note: Not a security fix.
  • Changed session.auto_start to PHP_INI_PERDIR.
  • SOAP:
  • Fixed bug #65018 (SoapHeader problems with SoapServer).
  • SPL:
  • Fixed bug #65328 (Segfault when getting SplStack object Value).
  • PDO:
  • Fixed bug #64953 (Postgres prepared statement positional parameter casting).
  • Phar:
  • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents).
  • Pgsql:
  • Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
  • Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
  • Zlib:
  • Fixed bug #65391 (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called).

New in version 5.4.19 (August 23rd, 2013)

  • Core:
  • Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse').
  • Openssl:
  • Fixed UMR in fix for CVE-2013-4248.

New in version 5.3.26 (June 7th, 2013)

  • Core:
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
  • Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
  • FPM:
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
  • Log a warning when a syscall fails.
  • MySQLi:
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed).
  • Phar:
  • Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
  • Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64).
  • Zend Engine:
  • Fixed bug #64821 (Custom Exception crash when internal properties overridden).

New in version 5.3.19 (November 23rd, 2012)

  • These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.

New in version 5.3.18 (October 19th, 2012)

  • Fixed bug #63111 (is_callable() lies for abstract static method)
  • Fixed bug #61442 (exception threw in __autoload can not be catched

New in version 5.3.17 (October 5th, 2012)

  • Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry).
  • Fixed bug #62460 (php binaries installed as binary.dSYM).