Date: 14 Jan 2010 Comments: 0

The PHP Development Team have recently released PHP 5.3.1. The Core 5.3 PHP engine hasn’t been changed essentially, but there are many improvements in security and stability.

Security Enhancements and Fixes:

• ‘max_file_uploads’ INI directive added, which can be used to limit the number of file uploads per-request to 20 by default, it may prevent DoS attacks via temporary file exhaustion.
• Added missing sanity checks around EXIF (exchangeable image file format) processing.
• Fixed a safe_mode bypass in tempnam()
• Fixed a open_basedir bypass in posix_mkfifo()

Stability Fixes:

• Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection
• Fixed crash in com_print_typeinfo when an invalid typelib is given
• Fixed crash when instantiating PDORow and PDOStatement through Reflection

There are 5 security improvements and 113 named PHP bugs that have been fixed in this release. There are also additional 28 improvements

that haven’t been officially reported as PHP bugs.

While the security fixes are obviously an important reason for PHP users to migrate immediately, the long list of non-security items is also a good reason to update your PHP version.

Read More:

PHP Sources: http://www.php.net/downloads.php

PHP for Windows: http://windows.php.net/download/

PHP 5.3.1 Change Log http://www.php.net/ChangeLog-5.php#5.3.1

Do you read Read PHP Changelog before upgrading to new php version?

Always, it’s a good practice.

Sometimes, whem I’m not too busy.

Never, it’s not necessary.

What’s PHP Changelog?

Other

View Results