Newsgroups: php.general,php.internals,php.announce Path: news.php.net Xref: news.php.net php.general:299947 php.internals:46118 php.announce:79 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 88752 invoked from network); 19 Nov 2009 23:42:39 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Nov 2009 23:42:39 -0000 Authentication-Results: pb1.pair.com header.from=johannes@php.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=johannes@php.net; spf=unknown; sender-id=unknown Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 83.243.58.134 as permitted sender) X-PHP-List-Original-Sender: johannes@php.net X-Host-Fingerprint: 83.243.58.134 mailout2.netbeat.de Linux 2.6 Received: from [83.243.58.134] ([83.243.58.134:38309] helo=mailout2.netbeat.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DE/06-65535-BE7D50B4 for ; Thu, 19 Nov 2009 18:42:36 -0500 Received: (qmail 2152 invoked by uid 89); 19 Nov 2009 23:45:53 -0000 Received: from unknown (HELO ?192.168.1.21?) (postmaster%schlueters.de@93.104.113.180) by mailout2.netbeat.de with ESMTPA; 19 Nov 2009 23:45:53 -0000 X-Originator: 9e51b244e0a38413ab6a9876e36ba9df To: php-announce@lists.php.net, php-general@lists.php.net, internals@lists.php.net Content-Type: text/plain; charset="UTF-8" Organization: php.net Date: Fri, 20 Nov 2009 00:41:55 +0100 Message-ID: <1258674115.1781.8.camel@guybrush> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: 5.3.1 Release announcement From: johannes@php.net (Johannes =?ISO-8859-1?Q?Schl=FCter?=) The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.3.1: - Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia) - Added missing sanity checks around exif processing. (CVE-2009-3292, Ilia) - Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se) - Fixed bug #44683 (popen crashes when an invalid mode is passed). (CVE-2009-3294, Pierre) Key Enhancements in PHP 5.3.1 include: - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) - Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) - Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) - Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support). (Greg) - Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe) - Around 100 other bug fixes For users upgrading from PHP 5.2 there is a migration guide available on , detailing the changes between those releases and PHP 5.3. For a full list of changes in PHP 5.3.1, see the ChangeLog at . Johannes Schlüter PHP 5.3 Release Manager