All PHP users are encouraged to upgrade to this release as soon as possible. The security issues resolved include the following:
- Disallow certain characters in session names.
- Fixed a buffer overflow inside the wordwrap() function.
- Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
- Fixed cross-site scripting inside the phpinfo() function.
- Fixed a heap corruption inside the session extension.
- Fixed an issue with trailing slashes in allowed basedirs.
- Fixed an issue with calling virtual() on Apache 2.
- Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN
To download the source code for this release please view the sources.
Andi, Thies, Sterling, Dmitry, Marcus switch statement. Dmitry several array functions. Marcus virtual path handling by adding a realpath cache. Andi variable fetches.
Andi magic method invocations. Marcus improved mysqli extension. Andrey upgraded bundled libraries PCRE library to version 6.
The header() function can no longer be used to send multiple response headers in a single call.
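The header() restriction above stops one call from carrying a second header, but application code should still validate values itself so that a rejected value is handled deliberately. The following is an added example, not code from the PHP project; build_header_line() and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Build a single "Name: value" header line, refusing anything that could
 * start a second header or the response body.
 * Hypothetical helper written for this example.
 */
function build_header_line(string $name, string $value): string
{
    // Header names are HTTP tokens: no spaces, colons or control characters.
    // The D modifier keeps "$" from matching before a trailing newline.
    if (!preg_match('/^[A-Za-z0-9!#$%&\'*+.^_`|~-]+$/D', $name)) {
        throw new InvalidArgumentException('invalid header name');
    }
    // CR, LF and NUL in the value are what let one call carry several headers.
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $name . ': ' . $value;
}

// Constructed sample inputs: one ordinary value, one with an embedded line break.
$samples = [
    ['Location', '/account/home'],
    ['Location', "/account/home\r\nSet-Cookie: session=constructed"],
];

foreach ($samples as [$name, $value]) {
    try {
        $line = build_header_line($name, $value);
        // In a web SAPI this is where header($line) would be called.
        echo 'accepted: ', $line, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // json_encode makes the otherwise invisible control characters visible in logs.
        echo 'rejected: ', $e->getMessage(), ' (', json_encode($value), ')', PHP_EOL;
    }
}
```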
Possible cross-site scripting problems in certain error conditions.
Notable feature enhancements include the following:
- The Hash extension was added to core and is now enabled by default. This extension provides support for most common hashing algorithms without reliance on 3rd party libraries.
- XMLWriter was added and enabled by default.