PHP 5.5.20 发布,该版本修复了一些 bug 以及反序列化相关的 CVE 安全漏洞。建议所有 PHP 5.5 的用户尽快升级。
详细的改进记录包括:
•Core: •Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).
•Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered).
•Fixed bug #68370 ("unset($this)" can make the program crash).
•Fixed bug #68545 (NULL pointer dereference in unserialize.c).
•Fixed bug #68594 (Use after free vulnerability in unserialize())(CVE-2014-8142).
•Date: •Fixed day_of_week function as it could sometimes return negative values internally.
•FPM: •Fixed bug #68381 (fpm_unix_init_main ignores log_level).
•Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses).
•Fixed bug #68421 (access.format='%R' doesn't log ipv6 address).
•Fixed bug #68423 (PHP-FPM will no longer load all pools).
•Fixed bug #68428 (listen.allowed_clients is IPv4 only).
•Fixed bug #68452 (php-fpm man page is oudated).
•Fixed bug #68458 (Change pm.start_servers default warning to notice).
•Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access).
•Fixed bug #68391 (php-fpm conf files loading order).
•Fixed bug #68478 (access.log don't use prefix).
•Mcrypt: •Fixed possible read after end of buffer and use after free.
•PDO_pgsql: •Fixed bug #66584 (Segmentation fault on statement deallocation).
•Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction).
•Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving).
•zlib: •Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64).
软件详情:http://php.net/
下载地址:http://php.net/downloads.php
来自:开源中国社区
