PHP 今天发布两个更新版本,分别是 5.4.35 和 5.6.3 版本,这都是 bugfix 版本,其中 5.6.3 还修复了一个 fileinfo 扩展方面的漏洞。5.4.35 修复了一个安全漏洞 CVE-2014-3710 ,建议所有 5.4 的用户升级到该版本。 PHP 5.4.35 改进记录: Core: Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). Fileinfo: Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) GMP: Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). PDO_pgsql: Fixed bug #66584 (Segmentation fault on statement deallocation). PHP 5.6.3 改进记录: Core: Implemented 64-bit format codes for pack() and unpack(). Fixed bug #51800 (proc_open on Windows hangs forever). Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). Fixed bug #67949 (DOMNodeList elements should be accessible through array notation) (Florian) Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk) Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). CURL: Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus) Fileinfo: Fixed bug #66242 (libmagic: don't assume char is signed). Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer). Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). FPM: Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). GD: Fixed bug #65171 (imagescale() fails without height param). GMP: Implemented gmp_random_range() and gmp_random_bits(). Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). Mysqli: Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande) ODBC: Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande) OpenSSL: Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value). PDO_pgsql: Fixed bug #68199 (PDO:gsqlGetNotify doesn't support NOTIFY payloads) (Matteo, Alain Laporte) Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo) Reflection: Fixed bug #68103 (Duplicate entry in Reflection for class alias). SPL: Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk) PHP 5.4.35/5.6.3 发布下载地址
