PHP 4.3.11 and 5.0.4 released

The PHP Development Team would like to announce the immediate release of PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition to fixing over 70 non-critical bugs, address several security issues. The addressed security issues include fixes to the exif and fbsql extensions, as well as fixes to unserialize(), swf_definepoly() and getimagesize()……All users of PHP are strongly encouraged to upgrade to this release.

Aside from the above mentioned issues this release includes the following important fixes:

* Crash in bzopen() if supplied path to non-existent file.

  * DOM crashing when attribute appended to Document.

  * unserialize() float problem on non-English locales.

  * Crash in msg_send() when non-string is stored without being serialized.

  * Possible infinite loop in imap_mail_compose().

  * Fixed crash in chunk_split(), when chunklen > strlen.

  * session_set_save_handler crashes PHP when supplied non-existent object reference.

  * Memory leak in zend_language_scanner.c.

  * Compile failures of zend_strtod.c.

  * Fixed crash in overloaded objects & overload() function.

  * cURL functions bypass open_basedir.

The PHP Development Team would like to thank all the people who have identified the security faults in PHP and helped us address them.

Download