The PHP development team would like to announce the immediate availability of PHP 5.2.4. This release focuses on improving the stability of the PHP 5.2.X branch with over 120 various bug fixes in addition to resolving several low priority security bugs. All users of PHP are encouraged to upgrade to this release.
NID: 17594 / Submitted by: The Spirit of Zuron

Today it is exactly three years since PHP 5 was released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable and production-ready, and as PHP 6 is on the way, PHP 4 will be discontinued. The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5. For documentation on migration from PHP 4 to PHP 5, we would like to point you to our migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well.
NID: 16817 / Submitted by: The Spirit of Zuron

The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release. Further details about the PHP 5.2.3 release can be found in the release announcement for 5.2.3, the full list of changes is available in the ChangeLog for PHP 5.

Security Enhancements and Fixes in PHP 5.2.3:
- Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
- Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
- Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
- Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
- Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
- Added mysql_set_charset() to allow runtime altering of connection encoding.

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.3.
NID: 16435 / Submitted by: The Spirit of Zuron

The PHP development team would like to announce the immediate availability of PHP 5.2.2 and availability of PHP 4.4.7. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.2 release can be found in the release announcement for 5.2.2, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.7 release can be found in the release announcement for 4.4.7, the full list of changes is available in the ChangeLog for PHP 4.

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:
- Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
- Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
- Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
- Fixed unallocated memory access/double free in array_user_key_compare() (MOPB-24 by Stefan Esser)
- Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
- Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
- Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
- Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
- Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
- Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)

Security Enhancements and Fixes in PHP 5.2.2 only:
- Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
- Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
- Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
- Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)
- Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)

Security Enhancements and Fixes in PHP 4.4.7 only:
- XSS in phpinfo() (MOPB-8 by Stefan Esser)

While the majority of the issues outlined above are local, in some circumstances given specific code paths they can be triggered externally. Therefore, we strongly recommend that if you use code utilizing the functions and extensions identified as having had vulnerabilities in them, you consider upgrading your PHP. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.2.
NID: 15922 / Submitted by: The Spirit of Zuron

The PHP team is once again proud to participate in the Google Summer of Code, and we are still looking for project ideas from interested students. In case you want to spend the summer with your favorite Open Source project, PHP, and get some money for adding an interesting project to it, you should contact us at internals@lists.php.net. The deadline for submitting ideas is the 26th of March, 2007. Also, the current list of ideas includes suggested topics still looking for student participants.
NID: 15622 / Submitted by: The Spirit of Zuron

The PHP development team would like to announce the immediate availability of PHP 4.4.6. The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled. Details about the PHP 4.4.6 release can be found in the release announcement for 4.4.6, the full list of changes is available in the ChangeLog for PHP 4.
NID: 15623 / Submitted by: The Spirit of Zuron

The PHP development team would like to announce the immediate availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5, the full list of changes is available in the ChangeLog for PHP 4.

Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:
- Fixed possible safe_mode & open_basedir bypasses inside the session extension.
- Fixed unserialize() abuse on 64 bit systems with certain input strings.
- Fixed possible overflows and stack corruptions in the session extension.
- Fixed an underflow inside the internal sapi_header_op() function.
- Fixed non-validated resource destruction inside the shmop extension.
- Fixed a possible overflow in the str_replace() function.
- Fixed possible clobbering of super-globals in several code paths.
- Fixed a possible information disclosure inside the wddx extension.
- Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
- Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
- Fixed a string format vulnerability inside the odbc_result_all() function.

Security Enhancements and Fixes in PHP 5.2.1 only:
- Prevent search engines from indexing the phpinfo() page.
- Fixed a number of input processing bugs inside the filter extension.
- Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
- Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
- Fixed several possible buffer overflows inside the stream filters.
- Memory limit is now enabled by default.
- Added internal heap protection.
- Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

Security Enhancements and Fixes in PHP 4.4.5 only:
- Fixed possible overflows inside zip & imap extensions.
- Fixed a possible buffer overflow inside mail() function on Windows.
- Unbundled the ovrimos extension.

The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1.

Update: Feb 14th; Added release information for PHP 4.4.5.
Update: Feb 12th; The Windows install package had problems with upgrading from previous PHP versions. That has now been fixed and new file posted in the download section.
NID: 14963 / Submitted by: TACKtech Team

The news on the front page of php.net has changed; the conference announcements are now located on their own page. The idea is to keep php.net-specific news clear, and it also opens the door for additional news entries, like for RC releases. More changes are on the way, so keep an eye out.
NID: 14975 / Submitted by: The Spirit of Zuron

The PHP documentation team is proud to present to the PHP community a few fixes and tweaks to the PHP Manual, including:
- an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)
- manual pages can now contain images (see imagearc() for an example)
- updated function version information and capture system (fewer "no version information, might be only in CVS" messages)
- ... and more to come!

Please help us improve the documentation by submitting bug reports, and adding notes to undocumented functions.
NID: 14964 / Submitted by: TACKtech Team

The Vancouver PHP User Group is pleased to announce their second PHP Conference in Vancouver, B.C., Canada on February 12-13, 2007. The schedule is now online. Register by Dec. 31, 2006 and get 1/3rd off the ticket price. Regular price is $150CDN, early bird price $100CDN.
NID: 14035 / Submitted by: The Spirit of Zuron

The PHP Conference Brasil is the first Brazilian conference related exclusively to the PHP language in Sao Paulo, on December 1st and 2nd, 2006. It will be a great opportunity to establish a sustainable Brazilian PHP community and to exchange ideas among our professionals. More info is available at the Brazilian PHP Conference Web site.
NID: 13584 / Submitted by: The Spirit of Zuron

PHP Québec is pleased to announce the 2007 PHP Québec conference. The conference will take place in Montreal, Canada on March 14-15-16th 2007. We are looking for the best speakers willing to share their experience and skills with professional PHP developers from eastern Canada and the United States. This year, the conference will feature 3 distinct tracks:
- Advanced Techniques: Providing in-depth details of PHP techniques
- Data Availability: Databases, XML, Web Services, VOIP, TOIP, WAP, etc
- PHP Beyond theory: Real solutions for real problems related to software development and project management

For more information, please visit the conference website.
NID: 13214 / Submitted by: The Spirit of Zuron

The PHP development team is proud to announce the immediate release of PHP 5.2.0. This release is a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements. Further details about this release can be found in the release announcement 5.2.0, the full list of changes is available in the ChangeLog PHP 5. All users of PHP, especially those using earlier PHP 5 releases are advised to upgrade to this release as soon as possible. This release also obsoletes the 5.1 branch of PHP. For users upgrading from PHP 5.0 and PHP 5.1 there is an upgrading guide available here, detailing the changes between those releases and PHP 5.2.0.
NID: 13197 / Submitted by: The Spirit of Zuron

php|architect magazine is proud to announce php|tek 2007, an exclusive three-day conference (plus one day of exclusive in-depth seminars) dedicated to the world of PHP-driven software development. This year's conference will take place from May 16-18 2007, in Chicago, Illinois (USA), with May 15th set aside for a set of in-depth seminars. Do you have unique insight into PHP? Have you written extensions, or contributed to the core? Have you deployed PHP in a tough environment, or scaled it to handle millions of hits per minute? Have you solved a unique problem, and want to share your discovery? Perhaps you've become an expert in a specific field? If so, php|architect wants you to speak at php|tek. For more information, please visit the Call for Papers page, and submit your ideas. The deadline is November 20th, 2006.
NID: 13021 / Submitted by: The Spirit of Zuron

The Vancouver PHP User Group is pleased to announce their second PHP Conference in Vancouver, B.C., Canada on February 12-13, 2007. If you are interested in participating as a speaker or sponsor, please email Shane Caraveo at shanec AT ActiveState DOT com.
NID: 12850 / Submitted by: The Spirit of Zuron

The French AFUP association is proud to announce the fifth annual PHP meeting in Paris, on November 9th and 10th, 2006. Developers and managers will gather to meet Rasmus Lerdorf, Andrei Zmievski and other prominent community experts for two days of sessions, packed with enterprise solutions and advanced techniques (in French).
NID: 12716 / Submitted by: The Spirit of Zuron

The Zend / PHP Conference & Expo 2006 has an Early Bird registration special available before September 15. Use the 'earlybird' code, available on the site, and receive a $795 registration price. The conference has announced a great line-up of speakers, including Chris Anderson, author of The Long Tail and editor-in-chief at Wired Magazine, r0ml, open source strategist, and Matthew Rechs, CTO of interactive agency, Schematic. There's a great line-up of speakers available.
NID: 12368 / Submitted by: The Spirit of Zuron

Software & Support media is pleased to announce the International PHP Conference 2006. It will happen from Nov. 05 to Nov. 08, 2006 at Frankfurt/Main. This year's sessions include topics on Security, PHP Internals, PHP & Business and Webservice topics. The Call for Papers has been closed and the programme is now online. On Nov. 05 and Nov. 06 there will be 6-hour PowerWorkshops that deliver hands-on PHP knowledge. A Management Day, dedicated to Managers who want to get informed about the usage of PHP, contains several sessions about the usage of PHP in large companies. The "PHP Code Camp @ Nite" with PHP Core Devs Marcus Börger and Sara Golemon. They go through from PHP basics to PHP OOP and implementing your own PHP extension. Delicious pizza and beer will do the rest. Registration is now open.
NID: 12308 / Submitted by: The Spirit of Zuron

The 2006 DC PHP Conference group is pleased to announce our speaker and schedule lineup. The conference is taking place in downtown Washington, DC, USA at the L'Enfant Plaza Hotel, October 19-20, 2006. There will be presentations and networking opportunities in the heart of the public sector.
NID: 12256 / Submitted by: The Spirit of Zuron

The third edition of Mastering Regular Expressions is finally out and includes a full 48-page chapter on PHP. This is an excellent resource from Jeffrey Friedl who has been writing about regexps for years.
NID: 12103 / Submitted by: The Spirit of Zuron