In association with heise online

22 August 2011, 12:44

PHP users warned not to upgrade to 5.3.7

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

PHP Logo The PHP developers have warned users not to upgrade to the latest stable branch release of the PHP scripting language due to a serious bug. In PHP 5.3.7, a security and maintenance update from last week, the crypt() function that is used to hash a string – typically a password – fails if an MD5 salt is given as an argument. In that case, instead of returning the hashed string, the function merely returns the salt itself.

The developers note that "DES and BLOWFISH salts work as expected". Until an update that fixes the bug is made available, the developers advise users not to upgrade to 5.3.7; version 5.3.8 is expected to arrive in the next "few days".

Update 24-08-11: PHP 5.3.8 has now been released.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit