PHP5.3.9的安全改进和修复主要包括:
- 在hash碰撞的基础上增加max_input_vars来防止冲撞
- 修复了bug #60150
PHP5.3.9主要的改进包括
- 修复了bug #55475
- 修复了bug #55609
- 改进了FPM SAPI 模块
官方网站原文如下:
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
- Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
- Fixed bug #55609 (mysqlnd cannot be built shared)
- Many changes to the FPM SAPI module