The PHP development team is proud to announce the immediate release of
PHP 5.3.4. This is a maintenance release in the 5.3 series, which
includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as
invalid (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by
Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS
share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
with large amount of data) (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http
stream support.
* Added a 3rd parameter to get_html_translation_table. It now
takes a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to
detect zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.

Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide
available on http://php.net/migration53, detailing the changes between
those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog on
http://php.net/ChangeLog-5.php#5.3.4. For source downloads
please visit our downloads page on http://php.net/downloads.php.
Windows binaries can be found on <windows.php.net/download/>.

Johannes Schlüter
PHP 5.3 Release Master