PHP 5.4.35/5.6.3 发布

PHP 今天发布两个更新版本，分别是 5.4.35 和 5.6.3 版本，这都是 bugfix 版本，其中 5.6.3 还修复了一个 fileinfo 扩展方面的漏洞。5.4.35 修复了一个安全漏洞 CVE-2014-3710 ，建议所有 5.4 的用户升级到该版本

PHP 今天发布两个更新版本，分别是 5.4.35 和 5.6.3 版本，这都是 bugfix 版本，其中 5.6.3 还修复了一个 fileinfo 扩展方面的漏洞。5.4.35 修复了一个安全漏洞 CVE-2014-3710 ，建议所有 5.4 的用户升级到该版本。

PHP（外文名: Hypertext Preprocessor，中文名：“超文本预处理器”）是一种通用开源脚本语言。语法吸收了C语言、Java和Perl的特点，入门门槛较低，易于学习，使用广泛，主要适用于Web开发领域。PHP的文件后缀名为php。

PHP 5.4.35 改进记录：

• Core:
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
• Fileinfo:
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
• GMP:
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
• PDO_pgsql:
  • Fixed bug #66584 (Segmentation fault on statement deallocation).

PHP 5.6.3 改进记录：

• Core:
  • Implemented 64-bit format codes for pack() and unpack().
  • Fixed bug #51800 (proc_open on Windows hangs forever).
  • Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
  • Fixed bug #67949 (DOMNodeList elements should be accessible through array notation) (Florian)
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
  • Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
• CURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
• Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer).
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
• FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses).
• GD:
  • Fixed bug #65171 (imagescale() fails without height param).
• GMP:
  • Implemented gmp_random_range() and gmp_random_bits().
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
• Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
• ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
• OpenSSL:
  • Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value).
• PDO_pgsql:
  • Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads) (Matteo, Alain Laporte)
  • Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
• Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias).
• SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)