PHP 5.3.8 fixes cryptographic function bug
As expected, the PHP developers have issued version 5.3.8 of the PHP scripting language to address a serious bug found in the previous release. PHP 5.3.8 fixes a bug introduced by the 5.3.7 security update that caused the crypt() function to fail if an MD5 salt was given as an argument. The function is used to hash a string, typically a password, but instead of returning the hashed string, the function merely returned the salt itself.
The update also corrects a bug that caused mysqlnd SSL connections to hang. The developers note that the PHP 5.2.x series is no longer supported, adding that all users are strongly encouraged to upgrade to this latest stable release.
Further information about the update can be found in the official release announcement and in the change log. PHP 5.3.8 source code and Windows binaries are available to download from the project's site. PHP is made available under the PHP License v3.01.
- PHP 5.3.7 update closes security holes, a report from The H.