PHP 5.3.6 發布(修復60多處bug)

←手機掃碼閱讀     火星人 @ 2014-03-29 , reply:0


PHP是一種新型的CGI程序編寫語言,易學易用,運行速度快,可以方便快捷地編寫出功能強大,運行速度快,並可同時運行於 Windows、Unix、Linux平台的Web後台程序, 內置了對文件上傳、密碼認證、Cookies操作、郵件收發、動態GIF生成等功能,PHP 直接為很多資料庫提供原本的連接,包括Oracle、Sybase、Postgres、Mysql、Informix、Dbase、Solid、 Access等,完全支持ODBC介面,用戶更換平台時,無需變換PHP代碼,可即拿即用.

經過三個RC后,php 5.3.6 今天正式發布.此版本共修復了超過60個包含安全性在內的bug.


Security Enhancements and Fixes in PHP 5.3.6:

* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug #54247 (format-string vulnerability on Phar).
* Fixed bug #54193 (Integer overflow in shmop_read()).
* Fixed bug #54055 (buffer overrun with high values for precision
ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty
archive). (CVE-2011-0421)

Key enhancements in PHP 5.3.6 include:

* Upgraded bundled Sqlite3 to version 3.7.4.
* Upgraded bundled PCRE to version 8.11.
* Added ability to connect to HTTPS sites through proxy with basic
authentication using stream_context/http/header/

* Added options to debug backtrace functions.
* Changed default value of ini directive serialize_precision from
100 to 17.
* Fixed Bug #53971 (isset() and empty() produce apparently spurious
runtime error).
* Fixed Bug #53958 (Closures can't 'use' shared variables by value
and by reference).
* Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir
with a trailing forward slash).
* Over 60 other bug fixes.

[火星人 ] PHP 5.3.6 發布(修復60多處bug)已經有279次圍觀