We will be updating all servers running PHP 5.2.14 this weekend with PHP 5.2.15.
 
This would take place as far as possible during the off-peak hours. No reboot is required to complete the update. The downtime should not exceed 5-10 minutes and it will be minimize as much as possible.


This upgrade is scheduled as follows:
 
Date: 8 January 2011 (Saturday) to 10 January 2011 (Monday)
 
Time: Between 2AM and 8AM EST

This release focuses on improving the stability of the PHP 5.2.15 branch with bug fixes, some of which are security and enhancement related.
 

Security Enhancements and Fixes in PHP 5.2.15:
 

  • Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com)
  • Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
  • Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
  • Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
  • Fixed possible crash in mssql_fetch_batch(). (Kalle)
  • Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
  • Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
  • Fixed bug #53323 (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com)
  • Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam)
  • Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
  • Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo)
  • Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). (Felipe, Adam)
  • Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan)
  • Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
  • Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)
    •
 
Key enhancements in PHP 5.2.15 include:
  •  
    • Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
    • Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
      •
Important Note to all users currently on PHP 5.2 branch
 
========================================================
 
PHP 5.2.15 focus on improving the stability with several bugs fixes, including security fixes. This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
 
On the 5.3 branch, the 5.3.4 released with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release. There is a backwards incompatible change between 5.3.3 and 5.3.4 in namespaces : Methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. This change doesn't affect non-namespaced classes.
 
 
There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.
 


Thursday, January 6, 2011

« Back

Powered by WHMCompleteSolution