The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12:Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Further details about the PHP 5.2.12 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.
Leia Mais

The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.Security Enhancements and Fixes in PHP 5.3.1:Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.Added missing sanity checks around exif processing.Fixed a safe_mode bypass in tempnam().Fixed a open_basedir bypass in posix_mkfifo().Fixed failing safe_mode_include_dir.Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.
Leia Mais

The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.11:Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)Fixed sanity check for the color index in imagecolortransparent(). (Pierre)Added missing sanity checks around exif processing. (Ilia)Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre) Further details about the PHP 5.2.11 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.
Leia Mais

A group of winners of PHP elePHPhants or TestFest mugs have been picked at random from the people that contributed the 887 tests during the 2009 PHP TestFest. Winners of elePHPhantsMark Schaschke TestFest London May 2009Patrick Allaert Belgian PHP Testfest 2009Rafael Dohms testfest PHPSP on 2009-06-20Guilherme Blanco testfest PHPSP on 2009-06-20Fabio Fabbrucci Italian PHP TestFest 2009 Cesena 19-20-21 juneRodrigo Moyle testfest PHPSP on 2009-06-20Edgar Ferreira da Silva testfest PHPSP on 2009-06-20Marco Fabbri PHPTestFest Cesena Italia on 2009-06-20Jason Easter Testfest 2009 2009-06-20Simon Westcott PHPNW Testfest 2009Winners of mugsTim Eggert Testfest Berlin 2009-05-09Till Klampaeckel TestFest 2009Havard Eide Norway 2009-06-09 o/?lex Corretgé - CataloniaFrancesco Fullone TestFest Cesena Italia on 2009-06-20Ivan Rosolen testfest PHPSP on 2009-06-20Moritz Neuhaeuser Testfest Berlin 2009-05-10Daniel Convissor TestFest 2009 NYPHPMatt Raines testfest London 2009-05-09Winners will be contacted shortly. Once again a huge thank you! to everyone who helped to make this year's TestFest such an outstanding success!
Leia Mais

The migration from CVS to Subversion is complete. The web interface is at svn.php.net. You can read about it at php.net/svn.php, wiki.php.net/vcs/svnfaq. The URL to feed to your svn client is http://svn.php.net/repository. There is also a github mirror. Please use that instead of trying to do a full git clone from the svn repository. See the instructions at wiki.php.net/vcs/svnfaq#git Many thanks to Gwynne who did the bulk of the work and also all the other folks who pitched in. It was a major effort to move 14 years of CVS history to another RCS.
Leia Mais