---------- Forwarded message ----------
From: Ilia Alshanetsky <ilia(a)prohost.org>
Date: Thu, 31 Mar 2005 16:50:22 -0500
Subject: [ANNOUNCE] PHP 4.3.11 & 5.0.4 Released!
To: php-announce(a)lists.php.net, PHP Internals List
The PHP Development Team would like to announce the immediate release of
PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition
to fixing over 70 non-critical bugs, address several security issues.
The addressed security issues include fixes to the exif and fbsql
extensions, as well as fixes to unserialize(), swf_definepoly() and
All users of PHP are strongly encouraged to upgrade to this release.
Aside from the above mentioned issues this release includes the
following important fixes:
* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.
The PHP Development Team would like to thank all the people who have
identified the security faults in PHP and helped us address them.
PHP Announcements Mailing List (http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php