-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The PHP development team is proud to announce the release of PHP
5.1.3. This release combines a few feature enhancements with a
significant amount of bug fixes and resolves a number of security
issues. All PHP users are encouraged to upgrade to this release as
soon as possible.
The security issues resolved include the following:
Disallow certain characters in session names.
Fixed a buffer overflow inside the wordwrap() function.
Prevent jumps to parent directory via the 2nd parameter of
the tempnam() function.
Enforce safe_mode for the source parameter of the copy()
function.
Fixed cross-site scripting inside the phpinfo() function.
Fixed offset/length parameter validation inside the
substr_compare() function.
Fixed a heap corruption inside the session extension.
Fixed a bug that would allow variable to survive unset().
The feature enhancements include the following notables:
The use of the var keyword to declare properties no longer
raises a deprecation E_STRICT.
FastCGI interface was completely reimplemented.
Multitude of improvements to the SPL, SimpleXML, GD, CURL
and Reflection extensions.
Support for many additional date formats added to the
strtotime() function.
A number of performance improvements added to the engine the
core extensions.
Added imap_savebody() that allows message body to be written
to a file.
Added lchown() and lchgrp() to change user/group ownership
of symlinks.
Upgraded bunbled PCRE library to version 6.6
The release also includes over 120 bug fixes with a focus on:
Make auto_globals_jit work without too many INI changes.
Fixed tiger hash algorithm generating wrong results on big
endian platforms.
Fixed a number of errors in the SOAP extension.
Fixed recursion handling in the serialize() functionality.
Make is_*() function account of open_basedir restrictions.
Fixed a number of crashes in the DOM and PDO extensions.
Addressed a number of regressions in the strtotime() extension.
Make memory_limit work in Win32 systems.
Fixed a deadlock in the sqlite extension caused by the
sqlite_fetch_column_types() function.
Fixed memory leaks in the realpath() cache.
The full details of the changes in PHP 5.1.3 can be found here:
http://www.php.net/ChangeLog-5.php#5.1.3
PHP Development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFEVqDILKekh381/CERAg1MAJ9xba05M+yEji9F7/VOTqISRVdeKACeI7jc
VWcbkqx3Bz+47Mq052kLfFI=
=xKvW
-----END PGP SIGNATURE-----
--
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
