eComStation: go to the Homepage This website in english Versione Italiano Diese Webseiten auf Deutsch

Customer login
Username:

Password:


Register as a new customer


eCS Newscast
With this mailinglist, you will find out about eCS related news stories and rumors as they happen.

E-Mail Address:



© 2003-2007 Serenity Systems, Inc. 2003-2013 Mensys BV, 2014-2015 XEU.com BV. All rights reserved.

This site is running on eComStation

eComStation News Email this page to a friend Email this page

PHP 5.2.1 Released

February 11, 2007 by Paul Smedley

The PHP development team would like to announce the immediate availability of PHP 5.2.1. This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as
soon as possible.

Security Enhancements and Fixes in PHP 5.2.1:

* Fixed possible safe_mode & open_basedir bypasses inside the session extension.
* Prevent searchs engine from indexing the phpinfo() page.
* Fixed a number of input processing bugs inside the filter extension.
* Fixed unserialize() abuse on 64 bit systems with certain input strings.
* Fixed possible overflows and stack corruptions in the session extension.
* Fixed an underflow inside the internal sapi_header_op() function.
* Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
* Fixed possible stack overflows inside zip, imap & sqlite extensions.
* Fixed several possible buffer overflows inside the stream filters.
* Fixed non-validated resource destruction inside the shmop extension.
* Fixed a possible overflow in the str_replace() function.
* Fixed possible clobbering of super-globals in several code paths.
* Fixed a possible information disclosure inside the wddx extension.
* Fixed a possible string format vulnerability in *print() functions on
64 bit systems.
* Fixed a possible buffer overflow inside mail() and
ibase_{delete,add,modify}_user() functions.
* Fixed a string format vulnerability inside the odbc_result_all() function.
* Memory limit is now enabled by default.
* Added internal heap protection.
* Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely.
However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to 5.2.1 release as soon as
possible. PHP 4.4.5 with equivalent security corrections will be available shortly.

The key improvements of PHP 5.2.1 include:

* Several performance improvements in the engine, streams API and some Windows specific optimizations.
* PDO_MySQL now uses buffered queries by default and emulates prepared statements to bypass limitations of MySQL's prepared statement API.
* Many improvements and enhancements to the filter and zip extensions.
* Memory limit is now always enabled, this includes Windows builds, with a default limit of 128 megabytes.
* Added several performance optimizations using faster Win32 APIs (this change means that PHP no longer supports Windows 98).
* FastCGI speed optimized build of PHP for Windows made available for downloading.
* Over 180 bug fixes.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available at http://www.php.net/UPDATE_5_2.txt, detailing the changes between those releases and PHP 5.2.1.

For a full list of changes in PHP 5.2.1, see the ChangeLog (
http://www.php.net/ChangeLog-5.php#5.2.1 ).

An OS/2 & eComStation binary of PHP 5.2.1 is available from:
http://smedley.info/os2ports

Please read the readme.os2 file included in the package for the release notes.

eComStation News  [ submit ]  [ search ]  Software News
netlabs.org newsletter #286
 (January 02, 2017)

netlabs.org newsletter #285
 (December 19, 2016)

netlabs.org newsletter #284
 (December 05, 2016)

netlabs.org newsletter #282
 (November 07, 2016)

netlabs.org newsletter #281
 (October 24, 2016)

Bob Eager\'s OS/2 Software released as Open Source
 (October 23, 2016)

netlabs.org newsletter #280
 (October 10, 2016)

netlabs.org newsletter #279
 (September 26, 2016)


DFSee version 14.1 released
 (January 05, 2017)

DFSee MAJOR version 14.0 released!
 (December 18, 2016)

XWP v1.0.11 GA
 (December 17, 2016)

Weasel version 2.3 released
 (December 14, 2016)

 Driver Updates
PEEK.SYS driver source code now available
 (August 26, 2016)

USB driver package version 11.14 released
 (March 31, 2016)

New MultiMac NIC driver package (20160201) released
 (March 07, 2016)

Product Information Support Community Developers Downloads Where to buy About us Sitemap