Arieh
Verified User
PHP 5.5.20 is released
The PHP development team announces the immediate availability of PHP 5.5.20. This release fixes several bugs and one CVE related to unserialization. All PHP 5.5 users are encouraged to upgrade to this version.
For source downloads of PHP 5.5.20 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Version 5.5.20
18 Dec 2014
Core:
Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).
Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered).
Fixed bug #68370 ("unset($this)" can make the program crash).
Fixed bug #68545 (NULL pointer dereference in unserialize.c).
Fixed bug #68594 (Use after free vulnerability in unserialize())(CVE-2014-8142).
Date:
Fixed day_of_week function as it could sometimes return negative values internally.
FPM:
Fixed bug #68381 (fpm_unix_init_main ignores log_level).
Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses).
Fixed bug #68421 (access.format='%R' doesn't log ipv6 address).
Fixed bug #68423 (PHP-FPM will no longer load all pools).
Fixed bug #68428 (listen.allowed_clients is IPv4 only).
Fixed bug #68452 (php-fpm man page is oudated).
Fixed bug #68458 (Change pm.start_servers default warning to notice).
Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access).
Fixed bug #68391 (php-fpm conf files loading order).
Fixed bug #68478 (access.log don't use prefix).
Mcrypt:
Fixed possible read after end of buffer and use after free.
PDO_pgsql:
Fixed bug #66584 (Segmentation fault on statement deallocation).
Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction).
Fixed bug #68351 (PDO:ARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving).
zlib:
Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64).