Newsgroups: php.general,php.internals
Path: news.php.net
Xref: news.php.net php.general:309937 php.internals:50986
Return-Path: <johannes@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 54876 invoked from network); 10 Dec 2010 01:20:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Dec 2010 01:20:08 -0000
Authentication-Results: pb1.pair.com header.from=johannes@php.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=johannes@php.net; spf=unknown; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 217.114.211.66 as permitted sender)
X-PHP-List-Original-Sender: johannes@php.net
X-Host-Fingerprint: 217.114.211.66 ns.km36107.keymachine.de Solaris 10 (beta)
Received: from [217.114.211.66] ([217.114.211.66:53077] helo=config.schlueters.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 92/D1-39391-740810D4 for <php-general@lists.php.net>; Thu, 09 Dec 2010 20:20:08 -0500
Received: from [192.168.1.29] (ppp-93-104-62-173.dynamic.mnet-online.de [93.104.62.173])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by config.schlueters.de (Postfix) with ESMTPSA id 0E3674B28D;
	Fri, 10 Dec 2010 02:20:04 +0100 (CET)
To: php-announce@lists.php.net
Cc: php-general <php-general@lists.php.net>, PHP internals list
 <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Organization: php.net
Date: Fri, 10 Dec 2010 02:20:02 +0100
Message-ID: <1291944003.21354.113.camel@guybrush>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.2 
Content-Transfer-Encoding: 8bit
Subject: PHP 5.3.4 Released
From: johannes@php.net (Johannes =?ISO-8859-1?Q?Schl=FCter?=)

The PHP development team is proud to announce the immediate release of
PHP 5.3.4. This is a maintenance release in the 5.3 series, which
includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:
      * Fixed crash in zip extract method (possible CWE-170).
      * Paths with NULL in them (foo\0bar.txt) are now considered as
        invalid (CVE-2006-7243).
      * Fixed a possible double free in imap extension (Identified by
        Mateusz Kocielski). (CVE-2010-4150).
      * Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
        (CVE-2010-3709).
      * Fixed possible flaw in open_basedir (CVE-2010-3436).
      * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
      * Fixed symbolic resolution support when the target is a DFS
        share.
      * Fixed bug #52929 (Segfault in filter_var with
        FILTER_VALIDATE_EMAIL with large amount of data)
        (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:
      * Added stat support for zip stream.
      * Added follow_location (enabled by default) option for the http
        stream support.
      * Added a 3rd parameter to get_html_translation_table. It now
        takes a charset hint, like htmlentities et al.
      * Implemented FR #52348, added new constant ZEND_MULTIBYTE to
        detect zend multibyte at runtime.
      * Multiple improvements to the FPM SAPI.

Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide
available on <http://php.net/migration53>, detailing the changes between
those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog on
<http://php.net/ChangeLog-5.php#5.3.4>. For source downloads
please visit our downloads page on <http://php.net/downloads.php>,
Windows binaries can be found on <windows.php.net/download/>.

Johannes Schlüter
PHP 5.3 Release Master