PHP 5.2.5 Released

smtalk

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,629
Location
LT, EU
The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5, the full list of changes is available in the ChangeLog for PHP 5.


Security Enhancements and Fixes in PHP 5.2.5:
  • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
  • Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
  • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
  • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
  • Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
  • Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
  • Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
 
Thanks for the update, will "mail-header.patch for 5.2.4" works with php 5.2.5 ?
 
Yes, it will :) Just change 5.2.4 with 5.2.5 (filename and few entries in the file).
 
cd /usr/local/directadmin/custombuild
perl -pi -e 's/5.2.4/5.2.5/' build
./build update_data
./build php n
 
Note:

I think the ioncube runtime loader for php 5.2.x are not compatible with 5.2.5.. (64 bit).

There is a topic with the same troubles but thats on a Windows machine.

I dont found a solution on the ioncube forums.

Im downgrading back to 5.2.4 :D
 
spirit said:
Note:

I think the ioncube runtime loader for php 5.2.x are not compatible with 5.2.5.. (64 bit).

There is a topic with the same troubles but thats on a Windows machine.

I dont found a solution on the ioncube forums.

Im downgrading back to 5.2.4 :D
Click to expand...

Updated to php 5.2.5 on centOS 4.5 x64 :

# php -v
PHP 5.2.5 (cli) (built: Nov 10 2007 14:08:30)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with XCache v1.2.1, Copyright (c) 2005-2007, by mOo
Click to expand...

I think ioncube is working fine for me?
 
Ok now i know it is not a problem with the ioncube loaders.

Ioncube said:
The Loaders work fine for PHP 5.2.5, however there is a change in PHP where the dl() function can only be a name and not a path, therefore requiring the Loader to be installed in the php.ini file.
Click to expand...

It's working fine now!
 
Thanks ITDevil... already installed it afterwards anyhow and ioncube does appear to be fine. Client that uses ioncube isnt using it at the moment anyhow so not a issue really.

Thanks for reply tho guys.

Nath.
 
You must log in or register to reply here.
Back
Top