Second maintenance release for PHP 5.3
A now available second maintenance release for PHP 5.3 fixes more than 60 bugs and closes several security holes which were already corrected in version 5.2.13, from the 5.2 branch, last week. Among the problems is a validation flaw in the
safe_mode configuration variable within the
tempnam() function that occurred when the directory path didn't end in
"/)". The developers also fixed an
open_basedir/safe_mode bypass vulnerability in the session extension.
PHP developers will also find extensions to support the cryptographic SHA-256 and SHA-512 (Secure Hash Algorithm) hash functions as well as SQLite, libmagic and PCRE libraries. Further important improvements are listed in the new version's release announcement and change log.
Introduced last summer, PHP 5.3 can be counted as one of the major updates in the history of PHP, its scope being similar to that of the version jump from PHP 4 to PHP 5. Many of the features planned for PHP 6 have already been integrated into the current development line, which contains numerous basic extensions and many new functions. Among these improvements are the support of namespaces, PHAR archives, lambda functions and closures classes, nowdoc syntax elements, and goto instructions.