Somehow the PHP.net guys forget they have an announcement mailinglist to tell everyone a new version is released. I had a kind and very thoughtfull reminder in my mail from a happy DIYMacServer user telling me that a new version has been released.
So gentleman, start your download program and warm up your compiler. The PHP installation documentation has been updated and also has a Leopard configuration for all you early adopters.
The new release boasts the following fixes:
- Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
- Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
- Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
- Fixed “mail.force_extra_parameters” php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
- Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
- Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
and the following enhancements:
- Upgraded PCRE to version 7.3
- Updated timezone database to version 2007.9
- Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
- Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
- Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
- Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax)
- Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23)
- Over 60 bug fixes.