The PHP development team at PHP.net recently released version 5.2.12.
The new release was developed to improve the stability of the PHP 5.2.x branch, address some minor bugs, and enhance security. The popular PHP scripting language is used on an estimated 20 million websites, including ecommerce sites using WordPress, Magento, Zen Cart, and dozens of other leading shopping carts and ecommerce platforms.
Key Enhancements in PHP 5.2.12
- Fixed unnecessary invocation of setitimer when timeouts have been disabled.
- Fixed crash in com_print_typeinfo when an invalid typelib is given.
- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.
- Fixed crash when instantiating PDORow and PDOStatement through Reflection.
- Fixed memory leak in openssl_pkcs12_export_to_file().
- Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit Linux).
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database).
- Fixed bug #50006 (Segfault caused by uksort()).
- Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault).
- Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property).
- Fixed bug #49098 (mysqli segfault on error).
Security Enhancements and Fixes in PHP 5.2.12
- Fixed a safe_mode bypass in tempnam().
- Fixed an open_basedir bypass in posix_mkfifo().
- Added the "max_file_uploads" INI directive, which limits the number of file uploads per request (20 by default), to prevent a possible DoS via temporary file exhaustion.
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
Leading contributors to the upgrade included Rasmus Lerdorf, Felipe Pena, Arvind Srinivasan, Ilia Alshanetsky, and Moriyoshi Koizumi.
