PHP终止PHP5.2更新 鼓励用户升级到PHP5.3

  昨日,在php官网上php5.2.x系列稳定版更新到php5.2.14,PHP5.3.x系列更新到PHP5.3.3。同时这个版本主要改进了PHP5.2.x系列的稳定性,修复60多个BUG,部分BUG与安全相关。这个版本标志着对PHP5.2系列更新的结束,在此版本之后不再积极更新PHP5.2x,其安全补丁可能以单个形式发布。

  与此同时,PHP开发团队发布了PHP5.3.3,修复了近100个BUG,鼓励所有PHP5.2系列的用户升级到PHP5.3。但是实际上国内很多PHP程序对PHP5.3的支持都有不少小问题。

  此外,PHP官网着重列出一个PHP5.3.3新的不兼容特性:在命名空间里,和类名一致的函数不再被作为一个构造函数。不过没有使用namespace的类不受影响。

  

   <?php
namespace Foo;
class Bar {
  public function Bar() {
    // 在PHP 5.3.0-5.3.2版本作为构造函数
    // 在PHP 5.3.3作为一个普通函数
  }
} ?>

  以下是PHP5.3.3的修复清单。

  

   Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531)。

  Fixed a possible resource destruction issues in shm_put_var()。

  Fixed a possible information leak because of interruption of XOR operator.

  Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.

  Fixed a possible memory corruption in ArrayObject::uasort()。

  Fixed a possible memory corruption in parse_str()。

  Fixed a possible memory corruption in pack()。

  Fixed a possible memory corruption in substr_replace()。

  Fixed a possible memory corruption in addcslashes()。

  Fixed a possible stack exhaustion inside fnmatch()。

  Fixed a possible dechunking filter buffer overflow.

  Fixed a possible arbitrary memory access inside sqlite extension.

  Fixed string format validation inside phar extension.

  Fixed handling of session variable serialization on certain prefix characters.

  Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288)。

  Fixed SplObjectStorage unserialization problems (CVE-2010-2225)。

  Fixed possible buffer overflows in MySQLnd_list_fields, MySQLnd_change_user.

  Fixed possible buffer overflows when handling error packets in MySQLnd.

  Key enhancements in PHP 5.3.3 include:

  Upgraded bundled sqlite to version 3.6.23.1.

  Upgraded bundled PCRE to version 8.02.

  Added FastCGI Process Manager (FPM) SAPI.

  Added stream filter support to mcrypt extension.

  Added full_special_chars filter to ext/filter.

  Fixed a possible crash because of recursive GC invocation.

  Fixed bug #52238 (Crash when an Exception occured in iterator_to_array)。

  Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function)。

  Fixed bug #52060 (Memory leak when passing a closure to method_exists())。

  Fixed bug #52001 (Memory allocation problems after using variable variables)。

  Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows)。

  Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP 》= 5.3)。

  For users upgrading from PHP 5.2 there is a migration guide available on http://php.net/migration53, detailing the changes between those releases and PHP 5.3.

  PHP5.2.14主要更新清单

  Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.

  Fixed a possible interruption array leak in strrchr()。(CVE-2010-2484)

  Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), tRIM()。

  Fixed a possible memory corruption in substr_replace()。

  Fixed SplObjectStorage unserialization problems (CVE-2010-2225)。

  Fixed a possible stack exaustion inside fnmatch()。

  Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288)。

  Fixed handling of session variable serialization on certain prefix characters.

  Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

  Key enhancements in PHP 5.2.14 include:

  Upgraded bundled PCRE to version 8.02.

  Updated timezone database to version 2010.5.

  Fixed bug #52238 (Crash when an Exception occured in iterator_to_array)。

  Fixed bug #52237 (Crash when passing the reference of the property of a non-object)。

  Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function)。

  Fixed bug #51822 (Segfault with strange __destruct() for static class variables)。

  Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues)。

  Fixed bug #49267 (Linking fails for iconv on MacOS: “Undefined symbols: _libiconv”)。

  原文地址:http://dev.meettea.com/show-87-1.html

类别:HTML,ASP,JSP,PHP  来源:本站原创  作者:hpping  日期:2010-07-23 15:09

上一条:现在如何在你的站点上使用HTML5
下一条:HTML5定稿了,为什么原生App世界将被颠覆