PHP 5.3.6 was released recently.
This release fixes more than 60 bugs, many of them security-related.
Security enhancements and bug fixes:
* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)
Key improvements:
* Upgraded bundled Sqlite3 to version 3.7.4.
* Upgraded bundled PCRE to version 8.11.
* Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization.
* Added options to debug backtrace functions.
* Changed default value of ini directive serialize_precision from 100 to 17.