PHP Changelog

New in version 5.6.8

April 17th, 2015
  • Core:
  • Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
  • Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters).
  • Fixed bug #68917 (parse_url fails on some partial urls).
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
  • Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values).
  • Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
  • Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator).
  • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
  • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions).
  • Apache2handler:
  • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler).
  • cURL:
  • Implemented FR #69278 (HTTP2 support).
  • Fixed bug #68739 (Missing break / control flow).
  • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
  • Date:
  • Fixed bug #69336 (Issues with "last day of ").
  • Enchant:
  • Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds).
  • Ereg:
  • Fixed bug #68740 (NULL Pointer Dereference).
  • Fileinfo:
  • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault).
  • Filter:
  • Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
  • Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
  • OPCache:
  • Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function).
  • Fixed bug #69281 (opcache_is_script_cached no longer works).
  • Fixed bug #68677 (Use After Free). (CVE-2015-1351)
  • OpenSSL:
  • Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts) (Chris Wright)
  • Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly) (Daniel Lowrey)
  • Fixed bug #69215 (Crypto servers should send client CA list) (Daniel Lowrey)
  • Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
  • Phar:
  • Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
  • Fixed bug #64931 (phar_add_file is too restrictive on filename).
  • Fixed bug #65467 (Call to undefined method cli_arg_typ_string).
  • Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar").
  • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783)
  • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode).
  • Postgres:
  • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
  • SPL:
  • Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc).
  • SOAP:
  • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
  • Sqlite3:
  • Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
  • Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3).
  • Fixed bug #66550 (SQLite prepared statement use-after-free).

New in version 5.6.7 (March 20th, 2015)

  • Core:
  • Fixed bug #69174 (leaks when unused inner class use traits precedence).
  • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
  • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
  • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
  • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
  • Fixed bug #68166 (Exception with invalid character causes segv).
  • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
  • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-0231)
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Fixed bug #69207 (move_uploaded_file allows nulls in path).
  • CGI:
  • Fixed bug #69015 (php-cgi's getopt does not see $argv).
  • CLI:
  • Fixed bug #67741 (auto_prepend_file messes up __LINE__).
  • cURL:
  • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
  • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
  • Ereg:
  • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
  • FPM:
  • Fixed bug #68822 (request time is reset too early).
  • ODBC:
  • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
  • Opcache:
  • Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function).
  • Fixed bug #69125 (Array numeric string as key).
  • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
  • OpenSSL:
  • Fixed bug #68912 (Segmentation fault at openssl_spki_new).
  • Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts).
  • Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
  • Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
  • Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
  • Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
  • Fixed bug #69195 (Inconsistent stream crypto values across versions) (Daniel Lowrey)
  • pgsql:
  • Fixed bug #68638 (pg_update() fails to store infinite values).
  • Readline:
  • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
  • SOAP:
  • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
  • SPL:
  • Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage).
  • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
  • ZIP:
  • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)

New in version 5.6.6 (February 20th, 2015)

  • Core:
  • Removed support for multi-line headers, as the are deprecated by RFC 7230.
  • Fixed bug #67068 (getClosure returns somethings that's not a closure).
  • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
  • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
  • Fixed bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo)
  • Added NULL byte protection to exec, system and passthru.
  • Dba:
  • Fixed bug #68711 (useless comparisons).
  • Enchant:
  • Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
  • Fileinfo:
  • Fixed bug #68827 (Double free with disabled ZMM).
  • Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly).
  • Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs).
  • FPM:
  • Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
  • Fixed bug #68571 (core dump when webserver close the socket).
  • JSON:
  • Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION.
  • LIBXML:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads).
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  • Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)
  • Opcache:
  • Fixed bug with try blocks being removed when extended_info opcode generation is turned on.
  • PDO_mysql:
  • Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes).
  • Phar:
  • Fixed bug #68901 (use after free).
  • Pgsql:
  • Fixed bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
  • Session:
  • Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  • Fixed bug #66623 (no EINTR check on flock) (Yasuo)
  • Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
  • Sqlite3:
  • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args).
  • Standard:
  • Fixed bug #65272 (flock() out parameter not set correctly in windows).
  • Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI).
  • Streams:
  • Fixed bug which caused call after final close on streams filter.

New in version 5.6.3 (December 17th, 2014)

  • Core:
  • Implemented 64-bit format codes for pack() and unpack().
  • Fixed bug #51800 (proc_open on Windows hangs forever).
  • Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
  • Fixed bug #67949 (DOMNodeList elements should be accessible through array notation) (Florian)
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
  • Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
  • CURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
  • Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer).
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
  • FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses).
  • GD:
  • Fixed bug #65171 (imagescale() fails without height param).
  • GMP:
  • Implemented gmp_random_range() and gmp_random_bits().
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  • ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
  • OpenSSL:
  • Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value).
  • PDO_pgsql:
  • Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads) (Matteo, Alain Laporte)
  • Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
  • Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias).
  • SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

New in version 5.6.1 (October 3rd, 2014)

  • Core:
  • Implemented FR #38409 (parse_ini_file() loses the type of booleans).
  • Fixed bug #65463 (SIGSEGV during zend_shutdown()).
  • Fixed bug #66036 (Crash on SIGTERM in apache process).
  • Fixed bug #67878 (program_prefix not honoured in man pages).
  • Fixed bug #67938 (Segfault when extending interface method with variadic).
  • Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
  • Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability).
  • DOM:
  • Made DOMNode::textContent writeable.
  • Fileinfo:
  • Fixed bug #67731 (finfo::file() returns invalid mime type for binary files).
  • GD:
  • Made fontFetch's path parser thread-safe.
  • GMP:
  • Fixed bug #67917 (Using GMP objects with overloaded operators can cause memory exhaustion).
  • Fixed bug #50175 (gmp_init() results 0 on given base and number starting with 0x or 0b).
  • Implemented gmp_import() and gmp_export().
  • MySQLi:
  • Fixed bug #67839 (mysqli does not handle 4-byte floats correctly).
  • OpenSSL:
  • Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
  • phpdbg:
  • Fixed issue krakjoe/phpdbg#111 (compile error without ZEND_SIGNALS).
  • SOAP:
  • Fixed bug #67955 (SoapClient prepends 0-byte to cookie names).
  • Session:
  • Fixed bug #67972 (SessionHandler Invalid memory read create_sid()).
  • Sysvsem:
  • Implemented FR #67990 (Add optional nowait argument to sem_acquire).

New in version 5.5.16 (August 27th, 2014)

  • COM:
  • Fixed missing type checks in com_event_sink.
  • Core:
  • Fixed bug #67693 (incorrect push to the empty array).
  • Fileinfo:
  • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538).
  • Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)).
  • FPM:
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config).
  • GD:
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497).
  • Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120).
  • Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly).
  • Network:
  • Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597).
  • OpenSSL:
  • Fixed missing type checks in OpenSSL options.
  • readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
  • Sessions:
  • Fixed missing type checks in php_session_create_id.
  • ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields).

New in version 5.6.0 Alpha 2 (February 17th, 2014)

  • Peer certificates are now verified by default when connecting to SSL/TLS servers
  • An exponentiation operator has been added: **
  • Output encoding handling has been simplified by using default_charset as the default character encoding

New in version 5.6.0 Alpha 1 (January 25th, 2014)

  • constant scalar expressions,
  • variadic functions,
  • argument unpacking,
  • support for large(>2GiB) file uploads,
  • SSL/TLS improvements,
  • a new command line debugger called phpdbg.

New in version 5.5.8 (January 10th, 2014)

  • Core:
  • Disallowed JMP into a finally block.
  • Added validation of class names in the autoload process.
  • Fixed invalid C code in zend_strtod.c.
  • Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
  • Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO).
  • Fixed bug #61645 (fopen and O_NONBLOCK).
  • Fixed bug #66218 (zend_register_functions breaks reflection).
  • Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval).
  • Fixed bug #65768 (DateTimeImmutable::diff does not work).
  • DOM:
  • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
  • Exif:
  • Fixed bug #65873 (Integer overflow in exif_read_data()).
  • Filter:
  • Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer).
  • GD:
  • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
  • PDO_odbc:
  • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
  • MySQLi:
  • Fixed bug #65486 (mysqli_poll() is broken on win x64).
  • OPCache:
  • Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
  • Fixed Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq".
  • SNMP:
  • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
  • SOAP:
  • Fixed bug #66112 (Use after free condition in SOAP extension).
  • Sockets:
  • Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined).
  • XSL:
  • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
  • ZIP:
  • Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).

New in version 5.5.7 (December 12th, 2013)

  • CLI server:
  • Added some MIME types to the CLI web server (Chris Jones)
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) also implements apache_response_headers() (Andrea Faulds)
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)
  • OPCache:
  • Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  • Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)
  • OpenSSL:
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
  • readline:
  • Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

New in version 5.5.7 RC1 (November 29th, 2013)

  • CLI server:
  • Added some MIME types to the CLI web server (Chris Jones)
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) also implements apache_response_headers() (Andrea Faulds)
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)
  • OPCache:
  • Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  • Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)
  • readline:
  • Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

New in version 5.5.6 (November 14th, 2013)

  • Core:
  • Improved performance of array_merge() and func_get_args() by eliminating useless copying.
  • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • Fixed bug #65939 (Space before ";" breaks php.ini parsing).
  • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • Fixed bug #65936 (dangling context pointer causes crash).
  • FPM:
  • Changed default listen() backlog to 65535.
  • MySQLi:
  • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
  • OPCache:
  • Increased limit for opcache.max_accelerated_files to 1,000,000.
  • Fixed issue #115 (path issue when using phar).
  • Fixed issue #149 (Phar mount points not working with OPcache enabled).
  • ODBC:
  • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
  • PDO:
  • Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception).
  • Fixed bug #65946 (sql_parser permanently converts values bound to strings).
  • Standard:
  • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).

New in version 5.5.5 (October 17th, 2013)

  • Core:
  • Fixed bug #64979 (Wrong behavior of static variables in closure generators).
  • Fixed bug #65322 (compile time errors won't trigger auto loading).
  • Fixed bug #65821 (By-ref foreach on property access of string offset segfaults).
  • CLI Server:
  • Fixed bug #65633 (built-in server treat some http headers as case-sensitive).
  • Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding).
  • Added application/pdf to PHP CLI Web Server mime types
  • Datetime:
  • Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message).
  • Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
  • Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
  • DBA:
  • Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write).
  • Filter:
  • Add RFC 6598 IPs to reserved addresses.
  • Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
  • FTP:
  • Fixed bug #65667 (ftp_nb_continue produces segfault).
  • GD:
  • Ensure that the defined interpolation method is used with the generic scaling methods.
  • IMAP:
  • Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
  • OPCache:
  • Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
  • Fixed bug #65665 (Exception not properly caught when opcache enabled).
  • Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var).
  • Fixed issue #135 (segfault in interned strings if initial memory is too low).
  • Added function opcache_compile_file() to load PHP scripts into cache without execution.
  • Added support for GNU Hurd.
  • Sockets:
  • Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
  • SPL:
  • Fixed bug #64782 (SplFileObject constructor make $context optional / give it a default value).
  • Standard:
  • Fixed bug #61548 content-type must appear at the end of headers for 201 Location to work in http.
  • XMLReader:
  • Fixed bug #51936 Crash with clone XMLReader.
  • Fixed bug #64230 XMLReader does not suppress errors.
  • Build system:
  • Fixed bug #51076 Race condition in shtool's mkdir -p implementation.
  • Fixed bug #62396 'make test' crashes starting with 5.3.14 (missing gzencode()).

New in version 5.5.4 (September 20th, 2013)

  • Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
  • Improved fputcsv() to allow specifying escape character.
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
  • Fixed bug #65225 (PHP_BINARY incorrectly set).
  • Fixed bug #62692 (PHP fails to build with DTrace).
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
  • Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
  • cURL:
  • Fixed bug #65458 (curl memory leak).
  • Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters).
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer).
  • OPCache:
  • Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
  • Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
  • Session:
  • Fixed bug #65475 (Session ID is not initialized properly when strict session is enabled).
  • Fixed bug #51127 and #65359, FR #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize())
  • Standard:
  • Fix issue with return types of password API helper functions. Found via static analysis by cjones.

New in version 5.5.3 (August 23rd, 2013)

  • Openssl: Fixed UMR in fix for CVE-2013-4248.

New in version 5.5.0 RC3 (June 13th, 2013)

  • Fixed bug causing segfault in gc_zval_possible_root)
  • Fixed bug about a heap based buffer overflow in quoted_printable_encode
  • hash_pbkdf2() truncates data when using default length and hex output

New in version 5.4.16 (June 7th, 2013)

  • Core:
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
  • Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build).
  • Fixed bug #64729 (compilation failure on x32).
  • Fixed bug #64720 (SegFault on zend_deactivate).
  • Fixed bug #64660 (Segfault on memory exhaustion within function definition).
  • Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
  • Fileinfo:
  • Fixed bug #64830 (mimetype detection segfaults on mp3 file).
  • FPM:
  • Ignore QUERY_STRING when sent in SCRIPT_FILENAME.
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
  • Log a warning when a syscall fails.
  • Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file.
  • MySQLi:
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed).
  • Phar:
  • Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
  • SNMP:
  • Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
  • Fixed bug #64159 (Truncated snmpget).
  • Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64).
  • Zend Engine:
  • Fixed bug #64821 (Custom Exceptions crash when internal properties overridden).

New in version 5.5.0 RC2 (June 5th, 2013)

  • Fixed a bug related to segfault on memory exhaustion within function definition.
  • Fixed bug in mbstring PHPTs which would crash on Windows x64.
  • Fixed a bug where Custom Exceptions could crash when internal properties overridden.

New in version 5.5.0 Beta 1 (March 22nd, 2013)

  • Core:
  • Added Zend Opcache extension and enable building it by default. More details here: https://wiki.php.net/rfc/optimizerplus. (Dmitry)
  • Added array_column function which returns a column in a multidimensional array. https://wiki.php.net/rfc/array_column. (Ben Ramsey)
  • Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail). (Laruence)
  • Added support for changing the process's title in CLI/CLI-Server SAPIs. The implementation is more robust that the proctitle PECL module. More details here: https://wiki.php.net/rfc/cli_process_title. (Keyur)
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). (Anatol)
  • Added support for non-scalar Iterator keys in foreach (https://wiki.php.net/rfc/foreach-non-scalar-keys). (Nikita Popov)
  • mysqlnd:
  • Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind). (Andrey)
  • DateTime:
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)
  • Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
  • SPL:
  • Implement FR #48358 (Add SplDoublyLinkedList::add() to insert an element at a given offset). (Mark Baker, David Soria Parra)
  • Zip:
  • Bug #64452 (Zip crash intermittently). (Anatol)

New in version 5.5.0 Alpha 4 (January 24th, 2013)

  • Core:
  • Fixed bug #63980 (object members get trimmed by zero bytes). (Laruence)
  • Implemented RFC for Class Name Resolution As Scalar Via "class" Keyword. (Ralph Schindler, Nikita Popov, Lars)
  • DateTime
  • Added DateTimeImmutable a variant of DateTime that only returns the modified state instead of changing itself. (Derick)
  • FPM:
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
  • pgsql:
  • Bug #46408: Locale number format settings can cause pg_query_params to break with numerics. (asmecher, Lars)
  • dba:
  • Bug #62489: dba_insert not working as expected. (marc-bennewitz at arcor dot de, Lars)
  • Reflection:
  • Fixed bug #64007 (There is an ability to create instance of Generator by hand). (Laruence)

New in version 5.4.10 (December 20th, 2012)

  • Core:
  • Fixed bug #63635 (Segfault in gc_collect_cycles)(Dmitry)
  • Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value)(Pierrick)
  • Fixed bug #63468 (wrong called method as callback with inheritance)(Laruence)
  • Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created)(kemcline at au1 dot ibm dot com)
  • Fixed bug #61557 (Crasher in tt-rss backend.php)(i dot am dot jack dot mail at gmail dot com)
  • Fixed bug #61272 (ob_start callback gets passed empty string)(Mike, casper at langemeijer dot eu)
  • Date:
  • Fixed bug #63666 (Poor date() performance)(Paul Talborg).
  • Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond)(Remi)
  • Imap:
  • Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array)(Remi)
  • Json:
  • Fixed bug #63588 (use php_next_utf8_char and remove duplicate implementation)(Remi)
  • MySQLi:
  • Fixed bug #63361 (missing header)(Remi)
  • MySQLnd:
  • Fixed bug #63398 (Segfault when polling closed link)(Laruence)
  • Fileinfo:
  • Fixed bug #63590 (Different results in TS and NTS under Windows)(Anatoliy)
  • FPM:
  • Fixed bug #63581 Possible null dereference and buffer overflow (Remi)
  • Pdo_sqlite:
  • Fixed Bug #63149 getColumnMeta should return the table name when system SQLite used(Remi)
  • Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)
  • Reflection:
  • Fixed Bug #63614 (Fatal error on Reflection)(Laruence)
  • SOAP:
  • Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests)(John Jawed, Dmitry)
  • Sockets:
  • Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option())(Igor Wiedler, Lars)

New in version 5.4.9 (November 23rd, 2012)

  • These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.

New in version 5.4.8 (October 19th, 2012)

  • Fixed bug #63111 (is_callable() lies for abstract static method)
  • Fixed bug #61442 (exception threw in __autoload can not be catched

New in version 5.4.5 (July 20th, 2012)

  • Core:
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
  • Fixed bug #62373 (serialize() generates wrong reference to the object).
  • Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp)
  • Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
  • Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)
  • EXIF:
  • Fixed information leak in ext exi
  • FPM:
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances)
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
  • Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
  • Fixed bug #61835 (php-fpm is not allowed to run as root)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user'
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start)
  • Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors)
  • Iconv:
  • Fixed bug #55042 (Erealloc in iconv.c unsafe)
  • Intl:
  • Fixed bug #62083 (grapheme_extract() memory leaks)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
  • ResourceBundle constructor now accepts NULL for the first two arguments
  • JSON:
  • Fixed bug #61359 (json_encode() calls too many reallocs)
  • libxml:
  • Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)
  • Phar:
  • Fixed bug #62227 (Invalid phar stream path causes crash)
  • Readline:
  • Fixed bug #62186 (readline fails to compile - void function should not return a value)
  • Reflection:
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)
  • Sockets:
  • Fixed bug #62025 (__ss_family was changed on AIX 5.3)
  • SPL:
  • Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
  • XML Writer:
  • Fixed bug #62064 (memory leak in the XML Writer module)
  • Zip:
  • Upgraded libzip to 0.10.

New in version 5.4.4 (June 15th, 2012)

  • The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension
  • PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI

New in version 5.4.0 (March 2nd, 2012)

  • Some of the key new features include: traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs.

New in version 5.3.10 (February 3rd, 2012)

  • Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

New in version 5.4 RC5 (January 8th, 2012)

  • Core:
  • Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
  • Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
  • Fixed bug #55871 (Interruption in substr_replace()). (Stas)
  • Fixed bug #60627 (httpd.worker segfault on startup with php_value). (Laruence)
  • SAPI:
  • Fixed bug #55500 (Corrupted $_FILES indices lead to security concern). (Stas)
  • Fixed bug #54374 (Insufficient validating of upload name leading to
  • corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)
  • CLI SAPI:
  • Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)
  • Intl:
  • Fixed build on Fedora 15 / Ubuntu 11. (Hannes)
  • PHP-FPM SAPI:
  • Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat)
  • Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org)
  • Improved Session extension:
  • Fixed bug #60640 (invalid return values). (Arpad)
  • Implement

New in version 5.4 RC4 (December 28th, 2011)

  • Added max_input_vars directive to prevent attacks based on hash collisions
  • Fixed a segfault in the traits code

New in version 5.3.3 (July 23rd, 2010)

  • Security Enhancements and Fixes in PHP 5.3.3:
  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  • Fixed a possible resource destruction issues in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.
  • Key enhancements in PHP 5.3.3 include:
  • Upgraded bundled sqlite to version 3.6.23.1.
  • Upgraded bundled PCRE to version 8.02.
  • Added FastCGI Process Manager (FPM) SAPI.
  • Added stream filter support to mcrypt extension.
  • Added full_special_chars filter to ext/filter.
  • Fixed a possible crash because of recursive GC invocation.
  • Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  • Fixed bug #52001 (Memory allocation problems after using variable variables).
  • Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
  • Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).

New in version 5.3.2 (March 5th, 2010)

  • Security Enhancements and Fixes in PHP 5.3.2:
  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
  • Key Bug Fixes in PHP 5.3.2 include:
  • Added support for SHA-256 and SHA-512 to php's crypt.
  • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
  • Fixed bug #51059 (crypt crashes when invalid salt are given).
  • Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
  • Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
  • Fixed bug #50723 (Bug in garbage collector causes crash).
  • Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
  • Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
  • Fixed bug #50540 (Crash while running ldap_next_reference test cases).
  • Fixed bug #49851 (http wrapper breaks on 1024 char long headers).

New in version 5.3.2 RC1 (December 23rd, 2009)

  • Upgraded bundled sqlite to version 3.6.21. (Ilia)
  • Upgraded bundled PCRE to version 8.00. (Scott)
  • Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283 (David Soria Parra)
  • Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
  • Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
  • Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
  • Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
  • Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
  • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. (Stas)
  • Added LIBXML_PARSEHUGE constant to override the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
  • Added ReflectionMethod::setAccessible() for invoking non-public methods through the Reflection API. (Sebastian)
  • Added Collator::getSortKey for intl extension. (Stas)
  • Added support for CURLOPT_POSTREDIR. FR #49571. (Sriram Natarajan)
  • Added support for CURLOPT_CERTINFO. FR #49253. (Linus Nielsen Feltzing )
  • Added client-side server name indication support in openssl. (Arnaud)
  • Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)
  • Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
  • Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
  • Fixed error_log() to be binary safe when using message_type 3. (Jani)
  • Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
  • Fixed memory leak in extension loading when an error occurs on Windows. (Pierre)
  • Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram)
  • Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani)
  • Fixed bug #50496 (Use of is valid only in a c99 compilation environment. (Sriram)
  • Fixed bug #50464 (declare encoding doesn't work within an included file). (Felipe)
  • Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
  • Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
  • Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
  • Fixed bug #50351 (performance regression handling objects, ten times slower in 5.3 than in 5.2). (Dmitry)
  • Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u' format character). (Ilia)
  • Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)
  • Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
  • Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
  • Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
  • Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
  • Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)
  • Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
  • Fixed bug #50266 (conflicting types for llabs). (Jani)
  • Fixed bug #50261 (Crash When Calling Parent Constructor with call_user_func()). (Dmitry)
  • Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)
  • Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used if it is empty). (foutrelis at gmail dot com, Ilia)
  • Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when mysqlnd is enabled). (Jani)
  • Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)
  • Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT). (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
  • Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
  • Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
  • Fixed bug #50196 (stream_copy_to_stream() produces warning when source is not file). (Stas)
  • Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
  • Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
  • Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
  • Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to non-existant file). (Dmitry)
  • Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
  • Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
  • Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
  • Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not property_exists). (Felipe)
  • Fixed bug #50146 (property_exists: Closure object cannot have properties). (Felipe)
  • Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
  • Fixed bug #50140 (With default compilation option, php symbols are unresolved for nsapi). (Uwe Schindler)
  • Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
  • Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
  • Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
  • Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
  • Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani)
  • Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
  • Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
  • Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()). (Pierrick)
  • Fixed bug #49921 (Curl post upload functions changed). (Ilia)
  • Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
  • Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
  • Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). (Ilia)
  • Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl)
  • Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
  • Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables). (Jani)
  • Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
  • Fixed bug #49647 (DOMUserData does not exist). (Rob)
  • Fixed bug #49521 (PDO fetchObject sets values before calling constructor). (Pierrick)
  • Fixed bug #49472 (Constants defined in Interfaces can be overridden). (Felipe)
  • Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
  • Fixed bug #49224 (Compile error due to old DNS functions on AIX systems). (Scott)
  • Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
  • Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
  • Fixed bug #46478 (htmlentities() uses obsolete mapping table for character entity references). (Moriyoshi)
  • Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
  • Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)
  • Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)

New in version 5.2.8 (December 9th, 2008)

  • The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 inregard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.