The PHP development team is proud to announce the immediate release of PHP 5.3.4. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.4:Fixed crash in zip extract method (possible CWE-170).Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).Fixed NULL pointer dereference in...

The PHP development team would like to announce the immediate availability of PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on addressing a regression in open_basedir implementation introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data retrieval when the server is down. All users who have upgraded to 5.2.15 and are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or...

The PHP development team would like to announce the immediate availability of PHP 5.3.5 and 5.2.17. This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script from the...

The PHP development team would like to announce the immediate availability of PHP 5.3.6. This release focuses on improving the stability of the PHP 5.3.x branch with over 60 bug fixes, some of which are security related.Security Enhancements and Fixes in PHP 5.3.6:Enforce security in the fastcgi protocol parsing with fpm SAPI.Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)Fixed bug #54055 (buffer overrun with high...

The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn...

PHP has several new documentation features that the community should be aware of: pman - PHP man pages $ pear install doc.php.net/pman$ pman strlen (this example displays a local textual version of the strlen docs) Enhanced CHM - contains user notes (over 25,000) This additional CHM file is downloadable Online Documentation Editor - allows everyone to edit the PHP manual URL: https://edit.php.net/Every manual page will link to it in the futureIncludes an IRC window to the #php.doc channel, so let's talk We...

The PHP development team is proud to announce the first PHP 5.4 alpha release. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviors. Read the NEWS file for a complete list of changes. THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION! This alpha release exists to encourage users to identify bugs, and to ensure that all new features and backward compatibility breaks are evaluated and documented before PHP 5.4.0 is released. Please report findings to the QA...

The PHP development team would like to announce the immediate availability of PHP 5.3.7. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.Security Enhancements and Fixes in PHP 5.3.7:Updated crypt_blowfish to 1.2. (CVE-2011-2483) (more info)Fixed crash in error_log(). Reported by Mateusz KocielskiFixed buffer overflow on overlog salt in crypt().Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload...