PHP 5.2.1 and PHP 4.4.5 Released

Original post provided by PHP: Hypertext Preprocessor

The PHP development team would like to announce the immediate availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade as soon as possible. Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1; the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5; the full list of changes is available in the ChangeLog for PHP 4.

Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:

- Fixed possible safe_mode & open_basedir bypasses inside the session extension.
- Fixed unserialize() abuse on 64 bit systems with certain input strings.
- Fixed possible overflows and stack corruptions in the session extension.
- Fixed an underflow inside the internal sapi_header_op() function.
- Fixed non-validated resource destruction inside the shmop extension.
- Fixed a possible overflow in the str_replace() function.
- Fixed possible clobbering of super-globals in several code paths.
- Fixed a possible information disclosure inside the wddx extension.
- Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
- Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
- Fixed a string format vulnerability inside the odbc_result_all() function.

Security Enhancements and Fixes in PHP 5.2.1 only:

- Prevent search engines from indexing the phpinfo() page.
- Fixed a number of input processing bugs inside the filter extension.
- Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
- Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
- Fixed several possible buffer overflows inside the stream filters.
- Memory limit is now enabled by default.
- Added internal heap protection.
- Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

Security Enhancements and Fixes in PHP 4.4.5 only:

- Fixed possible overflows inside zip & imap extensions.
- Fixed a possible buffer overflow inside mail() function on Windows.
- Unbundled the ovrimos extension.

The majority of the security vulnerabilities discovered and resolved can in most cases only be abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version, to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1.

Update: Feb 14th; Added release information for PHP 4.4.5.

Update: Feb 12th; The Windows install package had problems with upgrading from previous PHP versions. That has now been fixed and a new file posted in the download section.
