|
|
|
The PHP development team would like to announce the immediateavailability of PHP 5.2.9. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 50 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.Security Enhancements and Fixes in PHP 5.2.9:Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)Fixed explode() behavior with empty string to respect negative limit. (Shire)Fixed a segfault when malformed string is passed to json_decode(). (Scott)Further details about the PHP 5.2.9 can be found in the release announcement for 5.2.9 the full list of changes is available in the ChangeLog for PHP 5.
|
|
|
Full View / NID: 27219 / Submitted by: The Zilla of Zuron
|
|
|
Due to unfortunate circumstances Windows binaries for PECL extensions will no longer be available on http://pecl4win.php.net.Work is being done to incorporate Windows binaries for PECL extensions into pecl.php.net and will hopefully be ready early 2009If anyone is interested in the project please join the PHP Windows Development mailinglist.
|
|
|
Full View / NID: 25893 / Submitted by: The Zilla of Zuron
|
|
|
Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.
|
|
|
Full View / NID: 25831 / Submitted by: The Zilla of Zuron
|
|
|
The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 inregard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.
|
|
|
Full View / NID: 25830 / Submitted by: The Zilla of Zuron
|
|
|
December is a busy and exciting time of the year. PHP Advent is an attempt to capture and share doses of wisdom from a few of the people in the PHP community who have been kind enough to share their thoughts and tips. Please join us on our daily journey by subscribing to our feed or following us on Twitter. Happy holidays.
|
|
|
Full View / NID: 25767 / Submitted by: The Zilla of Zuron
|
|
|
The PHP development team is proud to announce the third alpha release of the upcoming PHP 5.3.0 minor version update of PHP. Several new features have already been documented in the official documentation, others are listed on the wiki in preparation of getting documented. It is imperative that more people join the effort to complete the documentation for PHP 5.3.0. Please also review the NEWS file.THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!The purpose of this alpha release is to encourage users to not only actively participate in identifying bugs, but also in ensuring that all new features or necessary backwards compatibility breaks are noted in the documentation. Please report any findings to the QA mailinglist or the bug tracker.There have been a great number of other additions and improvements since the last alpha, but here is a short overview of the most important changes:Namespaces (documentation has been updated to the current state)Rounding behaviorext/msql has been removed, while ext/ereg will now raise E_DEPRECATED noticesext/mhash has been replaced by ext/hash but full BC is maintainedPHP now uses cc as the default compiler, instead of gccA number of bug fixes to ext/pdo, ext/soap, the stream layer among othersSeveral under the hood changes also require in depth testing with existing applications to ensure that any backwards compatibility breaks are minimized.The current release plan expects a stable release sometime around the end of Q1 2009.
|
|
|
Full View / NID: 25766 / Submitted by: The Zilla of Zuron
|
|
|
The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release.Security Enhancements and Fixes in PHP 4.4.9:Updated PCRE to version 7.7.Fixed overflow in memnstr().Fixed crash in imageloadfont when an invalid font is given.Fixed open_basedir handling issue in the curl extension.Fixed mbstring.func_overload set in .htaccess becomes global. For a full list of changes in PHP 4.4.9, see the ChangeLog.
|
|
|
Full View / NID: 23475 / Submitted by: The Zilla of Zuron
|
|
|
The PHP development team is proud to announce the first alpha release (Windows binaries will appear in the next few days) of the upcoming minor version update of PHP. The new version PHP 5.3 is expected to improve stability and performance as well as add new language syntax and extensions. Several new features have already been documented in the official documentation, others are listed on the wiki in preparation of getting documented. Please also review the NEWS file.THIS IS A DEVELEOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!The purpose of this alpha release is to encourage users to not only actively participate in identifying bugs, but also in ensuring that all new features or necessary backwards compatibility breaks are noted in the documentation. Please report any findings to the QA mailinglist or the bug tracker.There have been a great number of other additions and improvements, but here is a short overview of the most important changes:Namespaces (documentation maybe out dated)Late static binding and __callStaticLambda functions and closuresAddition of the intl, phar (phar is scheduled for some more work a head of alpha2), fileinfo and sqlite3 extensionsOptional cyclic garbage collectionOptional support for the MySQLnd replacement driver for libmysqlWindows older than Windows 2000 (Windows 98, NT4, etc.) are not supported anymore (details)New syntax features like NOWDOC, limited GOTO, ternary short cut "?:"Several under the hood changes also require in depth testing with existing applications to ensure that any backwards compatibility breaks are minimized. This is especially important for users that require the undocumented Zend engine multibyte support.The current release plan states that there will be alpha/beta/RC releases in 2-3 week intervals with an expected stable release of PHP 5.3 between mid September and mid October of 2008.
|
|
|
Full View / NID: 23368 / Submitted by: The Zilla of Zuron
|
|
|
Overall 158 tests have been submitted as part of TestFest 2008 since the launch of the TestFest submission site by 30 different people from people all over the world. Actually this is not counting the various submissions by existing core developers, who also took this opportunity to add some more tests. This has actually increased total test coverage by about 10%. While the organization of the TestFest was a bit adhoc, there were numerous TestFest events in local user groups. So the number of people exposed to the PHP test framework is much greater. Hopefully this will lead to more people submitting bug reports with an accompanying phpt test file!Our top submitter Felix De Vliegher has actually committed his last submissions himself since, based on the high quality of his submissions, he has been granted commit rights to the PHP repository. We have not heard back from all participants, but we encourage everybody to blog about their experience and provide us with feedback on how to improve future events.Now better late than never, here are the 10 winners of the promised elePHPant raffle sponsored by Nexen. Note that Felix asked me not to include him in the raffle, since he is already herding quite a number of elePHPants at home.Eric StewartHåvard EideMarc VeldmanMichelangelo van DamRein VeltRob YoungSami GreenburySebastian DeutschSebastian SchürmannStefan KoopmanschapWe will provide Nexen with the email addresses of the winners, so that they can arrange to get the elePHPants shipped. Also for those people wondering, you can continue to submit tests on the TestFest submission site. A bit thank you to all participants and TestFest organizers! Without the countless people that helped organize local events, implement the infrastructure and submissions reviewers, the TestFest would have obviously not worked out as well as it has. We will surely do similar events in the future based on the big success of TestFest 2008.
|
|
|
Full View / NID: 23319 / Submitted by: The Zilla of Zuron
|
|
|
A few weeks ago the manual was restructured to improve navigation and make room for per-extension chapters and usage examples along with improved documentation for object oriented extensions. The most noticable changes are the function reference, predefined variables, context options and parameters and predefined exceptions manual pages, for which we would really appreciate feedback on. The upcomming PHP5.3 release introduces several major features such as namespaces, closures, late static bindings, internationalization functions, INI sections, and Phar among others. We would really appreciate any and all help we can get improving the documentation. In related news, the manual was relicensed recently and is now covered by the CreativeCommons Attribution license.
|
|
|
Full View / NID: 23320 / Submitted by: The Zilla of Zuron
|
|
|
The PHP development team would like to announce the immediateavailability of PHP 5.2.6. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.6 release can be found in the release announcement for 5.2.6, the full list of changes is available in the ChangeLog for PHP 5.Security Enhancements and Fixes in PHP 5.2.6:Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.Upgraded bundled PCRE to version 7.6
|
|
|
Full View / NID: 21729 / Submitted by: The Spirit of Zuron
|
|
|
The PHP team is once again proud to participate in the Google Summer of Code. Ten students will "flip bits instead of burgers" this summer: Zend LLVM Extension by JoonasGovenius, mentored by NunoLopes PHP Optimizer by SamuelGraham Kelly IV, mentored by DerickRethans PhD Improvements and Updates by NicholasSloan, mentored by HannesMagnusson Replace auto* with CMake by Alejandro LeivaRojas, mentored by Pierre A.Joye gsoc:2008 - XDebug by Chung-YangLee, mentored by DavidCoallier Rewrite the run-tests.php script by CesarMontedonico, mentored by TravisSwicegood PHP Bindings for Cairo by AkshatGupta, mentored by AnantNarayanan Algorithm Optimizations by MichalDziemianko, mentored by ScottMacVicar PECL, Website Improvements by BarryCarlyon, mentored by Helgi ÞormarÞorbjörnsson Implement Unicode into PHP 6 by Henrique do NascimentoAngelo, mentored by ScottMacVicar
|
|
|
Full View / NID: 21562 / Submitted by: The Spirit of Zuron
|
|
|
The PHP-QA team would like to announce the TestFest for the month of May 2008. The TestFest is an event that aims at improving the code coverage of the test suite for the PHP language itself. As part of this event, local User Groups (UG) are invited to join the TestFest. These UGs can meet physically or come together virtually. The point however is that people network to learn together. Aside from being an opportunity for all of you to make friends with like minded people in your (virtual) community, it also will hopefully reduce the work load for the PHP.net mentors.All it takes is someone to organize a UG to spearhead the event and to get others involved in writing phpt tests. The submissions will then be reviewed by members of php.net before getting included in the official test suite. Please visit the TestFest homepage to get additional details on the TestFest on how to get involved, either as a UG or by setting up the necessary infrastructure.
|
|
|
Full View / NID: 21197 / Submitted by: The Spirit of Zuron
|
|
|
Once again we are glad to announce that we have been accepted to be a Google Summer of Code project. See our program for this year's GSoC.We would like to take this opportunity to say thanks to Google Inc. for this privilege to participate once again, and would like to invite everyone to look at our list of ideas: http://wiki.php.net/gsoc/2008.Students are of course more than welcome to come up with their own ideas for their proposals and we will consider each and every application that we will receive.So once again, thanks to everyone who is involved in this magnificent journey and we hope to see many of you great students and open source passionate join us in our most enjoyable Google Summer of Code projects.
|
|
|
Full View / NID: 21061 / Submitted by: The Spirit of Zuron
|
|
|
The PHP development team would like to announce the immediate availability of PHP 4.4.8. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last normal PHP 4.4 release. If necessary, releases to address security issues could be made until 2008-08-08. Security Enhancements and Fixes in PHP 4.4.8:Improved fix for MOPB-02-2007.Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.Fixed integer overlow in str[c]spn().Fixed regression in glob when open_basedir is on introduced by #41655 fix.Fixed money_format() not to accept multiple %i or %n tokens.Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378). For a full list of changes in PHP 4.4.8, see the ChangeLog.
|
|
|
Full View / NID: 19789 / Submitted by: The Spirit of Zuron
|
|
|
The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5, the full list of changes is available in the ChangeLog for PHP 5.Security Enhancements and Fixes in PHP 5.2.5:Fixed dl() to only accept filenames. Reported by Laurent Gaffie.Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus LerdorfFixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.
|
|
|
Full View / NID: 18982 / Submitted by: The Spirit of Zuron
|
|
|
The PHP documentation team is pleased to announce the initial release of the new build system that generates the PHP Manual. Written in PHP, PhD ([PH]P based [D]ocBook renderer) builds are now available for viewing at docs.php.net. Everyone is encouraged to test and use this system so that bugs will be found and squashed. Once the new build system is stable, expect additional changes to the PHP manual that will include an improved navigation system and styling for OOP documentation. Feel free to set this developmental mirror as your default by using my.php.
|
|
|
Full View / NID: 18392 / Submitted by: The Spirit of Zuron
|
|
|
The PHP development team would like to announce the immediate availability of PHP 5.2.4. This release focuses on improving the stability of the PHP 5.2.X branch with over 120 various bug fixes in addition to resolving several low priority security bugs. All users of PHP are encouraged to upgrade to this release.
|
|
|
Full View / NID: 17594 / Submitted by: The Spirit of Zuron
|
|
|
Today it is exactly three years ago since PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued. The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5. For documentation on migration for PHP 4 to PHP 5, we would like to point you to our migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well.
|
|
|
Full View / NID: 16817 / Submitted by: The Spirit of Zuron
|
|
|
The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release. Further details about the PHP 5.2.3 release can be found in the release announcement for 5.2.3, the full list of changes is available in the ChangeLog for PHP 5. Security Enhancements and Fixes in PHP 5.2.3:Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.Added mysql_set_charset() to allow runtime altering of connection encoding. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.3.
|
|
|
Full View / NID: 16435 / Submitted by: The Spirit of Zuron
|
|
; void('');){kind=link}
