Hello!
The PHP development team would like to announce the immediate
availability of PHP 5.3.2. This release focuses on improving the
stability of the PHP 5.3.x branch with over 70 bug fixes, some of which
are security related. All users of PHP are encouraged to upgrade to
this release.
Security Enhancements and Fixes in PHP 5.3.2:
* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory
path does not end with a /). (Martin Jansen)
* Fixed a possible open_basedir/safe_mode bypass in the session
extension identified by Grzegorz Stachowiak. (Ilia)
Key enhancements in PHP 5.3.2 include:
* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
* Added protection for $_SESSION from interrupt corruption and
improved "session.save_path" check. (Stas)
* Fixed bug #51059 (crypt crashes when invalid salt are given).
(Pierre)
* Fixed bug #50940 Custom content-length set incorrectly in Apache
sapis. (Brian France, Rasmus)
* Fixed bug #50847 (strip_tags() removes all tags greater then 1023
bytes long). (Ilia)
* Fixed bug #50723 (Bug in garbage collector causes crash). (Dmitry)
* Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
* Fixed bug #50632 (filter_input() does not return default value if
the variable does not exist). (Ilia)
* Fixed bug #50540 (Crash while running ldap_next_reference test
cases). (Sriram)
* Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
(Ilia)
Over 60 other bug fixes.
Full release announcement:
http://www.php.net/archive/2010.php#id2010-03-04-1
Downloads:
Source: http://php.net/downloads.php
Windows: http://windows.php.net/download/
ChangeLog:
http://www.php.net/ChangeLog-5.php#5.3.2
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
