Newsgroups: php.internals
Message-ID: <6B874765-2F27-4FA5-8180-60B0CCC7214F@prohost.org>
From: ilia@prohost.org (Ilia Alshanetsky)
To: internals Mailing List
Date: Thu, 4 Dec 2008 23:35:56 -0500
Subject: PHP 5.2.7 Released

The PHP development team would like to announce the immediate availability of PHP 5.2.7.
This release focuses on improving the stability of the PHP 5.2.x branch with over 170 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.7:

* Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
* Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
* Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
* Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
* Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
* Fixed safe_mode related security issues detailed in CVE-2008-2665 and CVE-2008-2666.
* Crash with URI/file..php (filename contains 2 dots) (Fixes CVE-2008-3660)
* IMAP toolkit crash: rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829)

Some of the key enhancements in PHP 5.2.7 include:

* Fixed several memory leaks inside the readline and sqlite extensions
* A number of corrections relating to date parsing inside the date extension
* Fixed bugs relating to data retrieval in the PDO extension
* A series of crashes in various areas of code were resolved
* Several corrections were made to the strip_tags() function in terms of < and