PHP 今天发布两个更新版本,分别是 5.4.35 和 5.6.3 版本,这都是 bugfix 版本,其中 5.6.3 还修复了一个 fileinfo 扩展方面的漏洞。5.4.35 修复了一个安全漏洞 CVE-2014-3710 ,建议所有 5.4 的用户升级到该版本。
PHP 5.4.35 改进记录:
Core: Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
Fileinfo: Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
GMP: Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
PDO_pgsql: Fixed bug #66584 (Segmentation fault on statement deallocation).
PHP 5.6.3 改进记录:
Core: Implemented 64-bit format codes for pack() and unpack().
Fixed bug #51800 (proc_open on Windows hangs forever).
Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
Fixed bug #67949 (DOMNodeList elements should be accessible through array notation) (Florian)
Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
CURL: Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
Fileinfo: Fixed bug #66242 (libmagic: don't assume char is signed).
Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer).
Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
FPM: Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses).
GD: Fixed bug #65171 (imagescale() fails without height param).
GMP: Implemented gmp_random_range() and gmp_random_bits().
Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
Mysqli: Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
ODBC: Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
OpenSSL: Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value).
PDO_pgsql: Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads) (Matteo, Alain Laporte)
Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
Reflection: Fixed bug #68103 (Duplicate entry in Reflection for class alias).
SPL: Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
软件详情:http://php.net/
下载地址:http://php.net/downloads.php
来自:开源中国社区
