http://www.php.net/ChangeLog-4.php#4.3.11 http://www.php.net/ChangeLog-5.php#5.0.4
---------- Forwarded message ---------- From: Ilia Alshanetsky ilia@prohost.org Date: Thu, 31 Mar 2005 16:50:22 -0500 Subject: [ANNOUNCE] PHP 4.3.11 & 5.0.4 Released! To: php-announce@lists.php.net, PHP Internals List internals@lists.php.net, general@lists.php.net
The PHP Development Team would like to announce the immediate release of PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition to fixing over 70 non-critical bugs, address several security issues. The addressed security issues include fixes to the exif and fbsql extensions, as well as fixes to unserialize(), swf_definepoly() and getimagesize().
All users of PHP are strongly encouraged to upgrade to this release.
Aside from the above mentioned issues this release includes the following important fixes:
* Crash in bzopen() if supplied path to non-existent file. * DOM crashing when attribute appended to Document. * unserialize() float problem on non-English locales. * Crash in msg_send() when non-string is stored without being serialized. * Possible infinite loop in imap_mail_compose(). * Fixed crash in chunk_split(), when chunklen > strlen. * session_set_save_handler crashes PHP when supplied non-existent object reference. * Memory leak in zend_language_scanner.c. * Compile failures of zend_strtod.c. * Fixed crash in overloaded objects & overload() function. * cURL functions bypass open_basedir.
The PHP Development Team would like to thank all the people who have identified the security faults in PHP and helped us address them.
-- PHP Announcements Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php