PageRenderTime 59ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/archive/2007.php

http://github.com/php/web-php
PHP | 677 lines | 617 code | 60 blank | 0 comment | 20 complexity | 329122986b41b7c0bf15eb1c7c9ff7e3 MD5 | raw file
  1. <?php
  2. $_SERVER['BASE_PAGE'] = 'archive/2007.php';
  3. include_once __DIR__ . '/../include/prepend.inc';
  4. news_archive_sidebar();
  5. site_header("News Archive - 2007", array("cache" => true));
  6. ?>
  7. <h1>News Archive - 2007</h1>
  8. <p>
  9. Here are the most important news items we have published in 2007 on PHP.net.
  10. </p>
  11. <hr>
  12. <div class="newsItem">
  13. <a id="2007-11-08-1"><h1>PHP 5.2.5 Released</h1></a>
  14. <div>
  15. <span class="newsdate">[09-Nov-2007]</span>
  16. <p> The PHP development team would like to announce the immediate <a href="/downloads.php#v5">availability of PHP 5.2.5</a>. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.</p>
  17. <p> Further details about the PHP 5.2.5 release can be found in the <a href="/releases/5_2_5.php">release announcement for 5.2.5</a>, the full list of changes is available in the <a href="/ChangeLog-5.php#5.2.5">ChangeLog for PHP 5</a>.</p>
  18. <p>
  19. <b>Security Enhancements and Fixes in PHP 5.2.5:</b>
  20. </p>
  21. <ul>
  22. <li>Fixed dl() to only accept filenames. Reported by Laurent Gaffie.</li>
  23. <li>Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.</li>
  24. <li>Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf</li>
  25. <li>Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.</li>
  26. <li>Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.</li>
  27. <li>Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).</li>
  28. <li>Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).</li>
  29. </ul>
  30. <p>For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available <a href="/migration52">here</a>, detailing the changes between those releases and PHP 5.2.5.</p>
  31. </div>
  32. </div>
  33. <hr>
  34. <?php news_image("http://www.prophp.com.br/phpconference.php", "phpconfbrasil2007.png", "São Paulo 2007"); ?>
  35. <div class="newsItem">
  36. <a id="2007-10-29-1"><h1>PHP Conference Brasil 2007</h1></a>
  37. <div>
  38. <span class="newsdate">[29-Oct-2007]</span>
  39. <p>
  40. November 30th - December 1st, Join us at the 2nd Annual PHP Conference Brasil. The event will take place at UNIFIEO in Osasco, São Paulo. This year's conference will have room for 1000 people. Its scheduled for tutorials of 3 hours, aside of speeches, cases, stands and a great catch up time for newbies and veterans.
  41. Visit <a href="http://www.prophp.com.br/phpconference.php">the website</a> for more details. Early registration with discounted price is available until November 9th.
  42. </p>
  43. </div>
  44. </div>
  45. <hr>
  46. <div class="newsItem">
  47. <a id="2007-10-03-1"><h1>The new documentation build system is ready for testing</h1></a>
  48. <div>
  49. <span class="newsdate">[03-Oct-2007]</span>
  50. <p>
  51. The PHP documentation team is pleased to announce the initial release of
  52. the new build system that generates the PHP Manual. Written in PHP, PhD
  53. (<em>[PH]P based [D]ocBook renderer</em>) builds are now available for
  54. viewing at <a href="http://docs.php.net/">docs.php.net</a>. Everyone is
  55. encouraged to test and use this system so
  56. that <a href="http://bugs.php.net/">bugs</a> will be found and squashed.
  57. </p>
  58. <p>
  59. Once the new build system is stable, expect additional changes to the PHP
  60. manual that will include an improved navigation system and styling for OOP
  61. documentation.
  62. </p>
  63. <p>
  64. Feel free to set this developmental mirror as your default by
  65. using <a href="/my.php">my.php</a>.
  66. </p>
  67. </div>
  68. </div>
  69. <hr>
  70. <?php news_image("http://www.dcphpconference.com/", "dcphpconference.2007.png", "Washington DC 2007"); ?>
  71. <div class="newsItem">
  72. <a id="2007-09-21-1"><h1>DC PHP Conference 2007</h1></a>
  73. <div>
  74. <span class="newsdate">[21-Sep-2007]</span>
  75. <p>
  76. November 7th - 9th, Join us at the 2nd Annual DC PHP Conference. The event will take place at George Washington University's Cafritz Conference Center in the heart of Washington DC. The three day conference begins November 7th and 8th with general sessions, and ends November 9th with tutorials. This year's conference will host some of the PHP Community's top speakers and developers and focus on three primary tracks:
  77. <ul><li>Scalability</li><li>Security</li><li>The Art of PHP</li></ul>
  78. Please see <a href="http://www.dcphpconference.com ">the website</a> for more details and to register. Early registration is available until mid-October.
  79. </p>
  80. </div>
  81. </div>
  82. <hr>
  83. <?php news_image("http://www.afup.org/pages/forumphp2007/", "afup2007.jpg", "Paris Forum 2007"); ?>
  84. <div class="newsItem">
  85. <a id="2007-09-20-1"><h1>Forum PHP Paris 2007</h1></a>
  86. <div>
  87. <span class="newsdate">[20-Sep-2007]</span>
  88. <p>
  89. The <a href="http://www.afup.org/">French AFUP</a> association is proud
  90. to announce the <a href="http://www.afup.org/pages/forumphp2007/">sixth annual PHP
  91. meeting in Paris</a>, on November 21st and 22nd, 2007. Developers and
  92. managers will gather to meet Rasmus Lerdorf, Andrei Zmievski and other
  93. prominent community experts for two days of sessions, packed with
  94. enterprise solutions and advanced techniques.
  95. </p>
  96. </div>
  97. </div>
  98. <hr>
  99. <div class="newsItem">
  100. <a id="2007-08-30-1"><h1>PHP 5.2.4 Released</h1></a>
  101. <div>
  102. <span class="newsdate">[30-Aug-2007]</span>
  103. <p>
  104. The PHP development team would like to announce the immediate
  105. <a href="/downloads.php#v5">availability of PHP 5.2.4</a>.
  106. This release focuses on improving the stability of the PHP 5.2.X
  107. branch with over 120 various bug fixes in addition to resolving
  108. several low priority security bugs. All users of PHP are encouraged
  109. to upgrade to this release.
  110. </p>
  111. <p>
  112. Further details about the PHP 5.2.4 release can be found in the
  113. <a href="/releases/5_2_4.php">release announcement for 5.2.4</a>, the full list of
  114. changes is available in the <a href="/ChangeLog-5.php#5.2.4">ChangeLog for PHP 5</a>.
  115. </p>
  116. <p>
  117. <b>Security Enhancements and Fixes in PHP 5.2.4:</b>
  118. </p>
  119. <ul>
  120. <li>Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)</li>
  121. <li>Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)</li>
  122. <li>Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)</li>
  123. <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)</li>
  124. <li>Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)</li>
  125. <li>Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)</li>
  126. <li>Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)</li>
  127. <li>Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)</li>
  128. <li>Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)</li>
  129. <li>Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)</li>
  130. <li>Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)</li>
  131. <li>Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)</li>
  132. <li>Improved fix for MOPB-03-2007.</li>
  133. <li>Corrected fix for CVE-2007-2872.</li>
  134. </ul>
  135. <p>
  136. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
  137. available <a href="/migration52">here</a>, detailing the changes between
  138. those releases and PHP 5.2.4.
  139. </p>
  140. </div>
  141. </div>
  142. <hr>
  143. <?php news_image("http://www.zendcon.com/", "zendcon07_logo_s.jpg", "Zend/PHP Conference 2007"); ?>
  144. <div class="newsItem">
  145. <a id="2007-07-25-1"><h1>Zend/PHP Conference 2007</h1></a>
  146. <div>
  147. <span class="newsdate">[25-Jul-2007]</span>
  148. <p>
  149. Don't miss the third annual Zend/PHP Conference and Expo 2007! This
  150. year's conference promises to be the best ever. Join Zend, the PHP
  151. community and leading technology companies from around the world for
  152. three days of education, learning and networking - plus an additional
  153. tutorial day. The 2007 conference will feature over 40 sessions, an
  154. exhibit hall featuring leading companies such as Adobe, IBM, PayPal and
  155. Zend, an UnConference area to stimulate impromptu discussions, and
  156. networking opportunities galore.
  157. </p>
  158. <p>
  159. ZendCon2007 will feature something for everyone from novice to
  160. advanced, business-oriented to technical-focused. You will hear from
  161. leaders in the PHP community and business experts who have implemented
  162. PHP based initiatives. Come hear from Zend as it presents a roadmap for
  163. business-critical PHP. Meet the Zend development teams. Learn more
  164. about Zend open source projects.
  165. </p>
  166. <p>
  167. ZendCon 2007 promises to be the largest gathering dedicated to PHP.
  168. Plan to attend ZendCon 2007 and join the PHP community to network and
  169. learn from the best PHP minds from around the world.
  170. </p>
  171. <p>
  172. For more information please see <a href="http://www.zendcon.com/">http://www.zendcon.com/</a>.
  173. </p>
  174. </div>
  175. </div>
  176. <hr>
  177. <?php news_image("http://works.phparch.com/c/p/index", "phpworks2007.png", "php|works 2007"); ?>
  178. <div class="newsItem">
  179. <a id="2007-07-16-01"><h1>php|works 2007 in Atlanta</h1></a>
  180. <div>
  181. <span class="newsdate">[16-Jul-2007]</span>
  182. <p>
  183. php|architect is proud to announce <a href="http://works.phparch.com">php|works 2007</a>, which will take place in Atlanta Georgia (USA) on September 12-14, 2007.
  184. </p>
  185. <p>
  186. This year, the conference once again promises to be an excellent event for PHP developers of all levels, with <a href="http://works.phparch.com/c/schedule">talks from top PHP experts</a> such as Derick Rethans, Chris Shiflett, Andrei Zmievski, Sara Golemon, and many more (and plenty of new faces, as well).
  187. </p>
  188. </div>
  189. </div>
  190. <hr>
  191. <div class="newsItem">
  192. <a id="2007-07-13-1"><h1>PHP 4 end of life announcement</h1></a>
  193. <div>
  194. <span class="newsdate">[13-Jul-2007]</span>
  195. <p>
  196. Today it is exactly three years ago since PHP 5 has been released. In
  197. those three years it has seen many improvements over PHP 4. PHP 5 is
  198. fast, stable &amp; production-ready and as PHP 6 is on the way, PHP 4
  199. will be discontinued.
  200. </p>
  201. <p>
  202. The PHP development team hereby announces that support for PHP 4 will
  203. continue until the end of this year only. After 2007-12-31 there will be no
  204. more releases of PHP 4.4. We will continue to make critical security fixes
  205. available on a case-by-case basis until 2008-08-08. Please use the rest of
  206. this year to make your application suitable to run on PHP 5.
  207. </p>
  208. <p>
  209. For documentation on migration for PHP 4 to PHP 5, we would like to point you
  210. to our <a href="/manual/en/migration5.php">migration guide</a>. There is
  211. additional information available in the <a href="/manual/en/migration51.php">PHP 5.0 to PHP 5.1</a> and <a href="/manual/en/migration52.php">PHP 5.1 to PHP 5.2</a> migration guides as
  212. well.
  213. </p>
  214. </div>
  215. </div>
  216. <hr>
  217. <div class="newsItem">
  218. <a id="2007-06-01-1"><h1>PHP 5.2.3 Released</h1></a>
  219. <div>
  220. <span class="newsdate">[01-Jun-2007]</span>
  221. <p>
  222. The PHP development team would like to announce the immediate <a href="/downloads.php#v5">availability of PHP 5.2.3</a>.
  223. This release continues to improve the security and the stability of
  224. the 5.X branch as well as addressing two regressions introduced
  225. by the previous 5.2 releases. These regressions relate to the timeout
  226. handling over non-blocking SSL connections and the lack of
  227. HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to
  228. upgrade to this release.
  229. </p>
  230. <p>
  231. Further details about the PHP 5.2.3 release can be found in the
  232. <a href="/releases/5_2_3.php">release announcement for 5.2.3</a>, the full list of
  233. changes is available in the <a href="/ChangeLog-5.php#5.2.3">ChangeLog for PHP 5</a>.
  234. </p>
  235. <p>
  236. <b>Security Enhancements and Fixes in PHP 5.2.3:</b>
  237. </p>
  238. <ul>
  239. <li>Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)</li>
  240. <li>Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)</li>
  241. <li>Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)</li>
  242. <li>Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)</li>
  243. <li>Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.</li>
  244. <li>Added mysql_set_charset() to allow runtime altering of connection encoding.</li>
  245. </ul>
  246. <p>
  247. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
  248. available <a href="/migration52">here</a>, detailing the changes between
  249. those releases and PHP 5.2.3.
  250. </p>
  251. </div>
  252. </div>
  253. <hr>
  254. <?php news_image("http://www.wtconferences.com/2007/?q=node/1", "wtlogo_s.png", "WebTech 2007"); ?>
  255. <div class="newsItem">
  256. <a id="2007-05-19-1"><h1>WebTech 2007</h1></a>
  257. <div>
  258. <span class="newsdate">[19-May-2007]</span>
  259. <p>
  260. The 4th <a href="http://www.wtconferences.com/2007/?q=node/1">Internet technologies conference</a>
  261. will take place from June 29 till 30th in the Bulgarian seaside at city of Varna where
  262. you can combine sun, sea and technologies.
  263. </p>
  264. <p>
  265. The conference as in the previous 3 years will focus on new technologies in web programming,
  266. open source and everything that stands for IT.
  267. </p>
  268. <p>
  269. The conference is free of charge.
  270. </p>
  271. </div>
  272. </div>
  273. <hr>
  274. <div class="newsItem">
  275. <a id="2007-05-03-1"><h1>PHP 5.2.2 and PHP 4.4.7 Released</h1></a>
  276. <div>
  277. <span class="newsdate">[03-May-2007]</span>
  278. <p>
  279. The PHP development team would like to announce the immediate
  280. <a href="/downloads.php#v5">availability of PHP 5.2.2</a> and
  281. <a href="/downloads.php#v4">availability of PHP 4.4.7</a>.
  282. These releases are major stability and security enhancements of the 5.x and
  283. 4.4.x branches, and all users are strongly encouraged to upgrade to it as
  284. soon as possible. Further details about the PHP 5.2.2 release can be found
  285. in the <a href="/releases/5_2_2.php">release announcement for 5.2.2</a>,
  286. the full list of changes is available in the
  287. <a href="/ChangeLog-5.php#5.2.2">ChangeLog for PHP 5</a>. Details about
  288. the PHP 4.4.7 release can be found in the
  289. <a href="/releases/4_4_7.php">release announcement for 4.4.7</a>, the full
  290. list of changes is available in the
  291. <a href="/ChangeLog-4.php#4.4.7">ChangeLog for PHP 4</a>.
  292. </p>
  293. <p>
  294. <b>Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:</b>
  295. </p>
  296. <ul>
  297. <li>Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)</li>
  298. <li>Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)</li>
  299. <li>Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)</li>
  300. <li>Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)</li>
  301. <li>Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)</li>
  302. <li>Added missing open_basedir &amp; safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).</li>
  303. <li>Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)</li>
  304. <li>Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)</li>
  305. </ul>
  306. <p>
  307. <b>Security Enhancements and Fixes in PHP 5.2.2 only:</b>
  308. </p>
  309. <ul>
  310. <li>Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)</li>
  311. <li>Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)</li>
  312. <li>Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)</li>
  313. <li>Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)</li>
  314. <li>Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)</li>
  315. <li>Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)</li>
  316. <li>Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)</li>
  317. </ul>
  318. <p>
  319. <b>Security Enhancements and Fixes in PHP 4.4.7 only:</b>
  320. </p>
  321. <ul>
  322. <li>XSS in phpinfo() (MOPB-8 by Stefan Esser)</li>
  323. </ul>
  324. <p>
  325. While majority of the issues outlined above are local, in some
  326. circumstances given specific code paths they can be triggered externally.
  327. Therefor, we strongly recommend that if you use code utilizing the
  328. functions and extensions identified as having had vulnerabilities in them,
  329. you consider upgrading your PHP.
  330. </p>
  331. <p>
  332. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
  333. available <a href="/migration52">here</a>, detailing the changes between
  334. those releases and PHP 5.2.2.
  335. </p>
  336. <p><strong>Update: May 4th;</strong> The PHP 4.4.7 Windows build was updated due to the faulty Apache2 module shipped with the original</p>
  337. <p><strong>Update: May 23th;</strong> By accident a couple of fixes where listed as fixed in both PHP 5.2.2 and 4.4.7 but where however only fixed in PHP 5.2.2. The PHP 4 ChangeLog was not affected.</p>
  338. </div>
  339. </div>
  340. <hr>
  341. <div class="newsItem">
  342. <a id="2007-04-14-1"><h1>The PHP.net Google Summer of Code</h1></a>
  343. <div>
  344. <span class="newsdate">[14-Apr-2007]</span>
  345. <p>
  346. The PHP team is once again proud to participate in the
  347. <a href="http://code.google.com/soc/">Google Summer of Code</a>.
  348. Seven students will "flip bits instead of burgers" this summer:
  349. </p>
  350. <ul>
  351. <li>
  352. Mentored by Michael Wallner, Hannes Magnusson will work on
  353. <a href="http://wiki.phpdoc.info/LiveDocs">LiveDocs</a>, which is a
  354. "tool to display DocBook XML files in a web browser on the
  355. fly, without the need of building all HTML target files first".
  356. This project will be of great value to the PHP Documentation Team.
  357. </li>
  358. <li>
  359. The PHP Interpreter uses reference counting to keep track of which
  360. objects are no longer referenced and thus can be destroyed. A major
  361. weakness in the current implementation is that it cannot detect
  362. reference cycles, that is objects that reference each other in a
  363. circular graph structure which is not referenced itself from outside
  364. the circle. Mentored by Derick Rethans, David Wang will implement a
  365. new reference counting algorithm that will alleviate this problem.
  366. </li>
  367. <li><a href="http://xdebug.org/">Xdebug</a> provides a range of useful
  368. functionality for PHP developers, including detailed error information,
  369. code coverage and profiling support, and support for remote debugging
  370. using the GDB and DBGp protocols. Mentored by Xdebug's creator,
  371. Derick Rethans, Adam Harvey will develop a cross-platform GUI
  372. application that implements the DBGp protocol and allows PHP
  373. applications to be debugged using Xdebug in a development environment
  374. agnostic fashion.
  375. </li>
  376. <li>
  377. Mentored by Lukas Smith, Konsta Vesterinen will work on the
  378. object-relational mapper <a href="http://www.phpdoctrine.net/">Doctrine</a>.
  379. </li>
  380. <li>
  381. Mutation Testing, or Automated Error Seeding, is an approach where
  382. the testing tool makes some change to the tested code, runs the tests,
  383. and if the tests pass displays a message saying what it changed. This
  384. approach is different than code coverage analysis, because it can find
  385. code that is executed by the running of tests but not actually tested.
  386. Mentored by Sebastian Bergmann, Mike Lewis will implement Mutation
  387. Testing for <a href="http://www.phpunit.de/">PHPUnit</a>.
  388. </li>
  389. <li>
  390. Mentored by Helgi Þormar Þorbjörnsson, Igor Feghali will add support
  391. for foreign keys to
  392. <a href="http://pear.php.net/package/MDB2_Schema/">MDB2_Schema</a>,
  393. a package that "enables users to maintain RDBMS independant schema
  394. files in XML that can be used to create, alter and drop database
  395. entities and insert data into a database".
  396. </li>
  397. <li>
  398. Mentored by David Coallier, Nicolas Bérard-Nault will refactor the
  399. internals of <a href="http://www.jaws-project.com/">Jaws</a>, a
  400. Framework and Content Management System for building dynamic web sites,
  401. for PHP 6.
  402. </li>
  403. </ul>
  404. </div>
  405. </div>
  406. <hr>
  407. <div class="newsItem">
  408. <a id="2007-03-01-1"><h1>PHP 4.4.6 Released</h1></a>
  409. <div>
  410. <span class="newsdate">[01-Mar-2007]</span>
  411. <p>
  412. The PHP development team would like to announce the immediate
  413. <a href="/downloads.php#v4">availability of PHP 4.4.6</a>.
  414. </p>
  415. <p>
  416. The main issue that this release addresses is a crash problem that was
  417. introduced in PHP 4.4.5. The problem occurs when session variables are used
  418. while register_globals is enabled.
  419. </p>
  420. <p>
  421. Details about the PHP 4.4.6 release can be found in the
  422. <a href="/releases/4_4_6.php">release announcement for 4.4.6</a>,
  423. the full list of changes is available in the
  424. <a href="/ChangeLog-4.php#4.4.6">ChangeLog for PHP 4</a>.
  425. </p>
  426. </div>
  427. </div>
  428. <hr>
  429. <div class="newsItem">
  430. <a id="2007-02-08-2"><h1>PHP 5.2.1 and PHP 4.4.5 Released</h1></a>
  431. <div>
  432. <span class="newsdate">[08-Feb-2007]</span>
  433. <p>
  434. The PHP development team would like to announce the immediate
  435. <a href="/downloads.php#v5">availability of PHP 5.2.1</a> and
  436. <a href="/downloads.php#v4">availability of PHP 4.4.5</a>.
  437. These releases are major stability and security enhancements of the 5.x and
  438. 4.4.x branches, and all users are strongly encouraged to upgrade to it as
  439. soon as possible. Further details about the PHP 5.2.1 release can be found in
  440. the <a href="/releases/5_2_1.php">release announcement for 5.2.1</a>, the full list of
  441. changes is available in the <a href="/ChangeLog-5.php#5.2.1">ChangeLog for PHP
  442. 5</a>. Details about the PHP 4.4.5 release can be found in the
  443. <a href="/releases/4_4_5.php">release announcement for 4.4.5</a>, the full list of
  444. changes is available in the <a href="/ChangeLog-4.php#4.4.5">ChangeLog for PHP 4</a>.
  445. </p>
  446. <p>
  447. <b>Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:</b>
  448. </p>
  449. <ul>
  450. <li>Fixed possible safe_mode &amp; open_basedir bypasses inside the session extension.</li>
  451. <li>Fixed unserialize() abuse on 64 bit systems with certain input strings.</li>
  452. <li>Fixed possible overflows and stack corruptions in the session extension.</li>
  453. <li>Fixed an underflow inside the internal sapi_header_op() function.</li>
  454. <li>Fixed non-validated resource destruction inside the shmop extension.</li>
  455. <li>Fixed a possible overflow in the str_replace() function.</li>
  456. <li>Fixed possible clobbering of super-globals in several code paths.</li>
  457. <li>Fixed a possible information disclosure inside the wddx extension.</li>
  458. <li>Fixed a possible string format vulnerability in *print() functions on 64 bit systems.</li>
  459. <li>Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.</li>
  460. <li>Fixed a string format vulnerability inside the odbc_result_all() function.</li>
  461. </ul>
  462. <p>
  463. <b>Security Enhancements and Fixes in PHP 5.2.1 only:</b>
  464. </p>
  465. <ul>
  466. <li>Prevent search engines from indexing the phpinfo() page.</li>
  467. <li>Fixed a number of input processing bugs inside the filter extension.</li>
  468. <li>Fixed allocation bugs caused by attempts to allocate negative values in some code paths.</li>
  469. <li>Fixed possible stack/buffer overflows inside zip, imap &amp; sqlite extensions.</li>
  470. <li>Fixed several possible buffer overflows inside the stream filters.</li>
  471. <li>Memory limit is now enabled by default.</li>
  472. <li>Added internal heap protection.</li>
  473. <li>Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.</li>
  474. </ul>
  475. <p>
  476. <b>Security Enhancements and Fixes in PHP 4.4.5 only:</b>
  477. </p>
  478. <ul>
  479. <li>Fixed possible overflows inside zip &amp; imap extensions.</li>
  480. <li>Fixed a possible buffer overflow inside mail() function on Windows.</li>
  481. <li>Unbundled the ovrimos extension.</li>
  482. </ul>
  483. <p>
  484. The majority of the security vulnerabilities discovered and resolved can in
  485. most cases be only abused by local users and cannot be triggered remotely.
  486. However, some of the above issues can be triggered remotely in certain
  487. situations, or exploited by malicious local users on shared hosting setups
  488. utilizing PHP as an Apache module. Therefore, we strongly advise all users of
  489. PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.
  490. </p>
  491. <p>
  492. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
  493. available <a href="/migration52">here</a>, detailing the changes between
  494. those releases and PHP 5.2.1.
  495. </p>
  496. <p><strong>Update: Feb 14th;</strong> Added release information for PHP
  497. 4.4.5.</p>
  498. <p><strong>Update: Feb 12th;</strong> The Windows install package had problems
  499. with upgrading from previous PHP versions. That has now been fixed and new file
  500. posted in the <a href="/downloads.php">download section</a>.</p>
  501. </div>
  502. </div>
  503. <hr>
  504. <div class="newsItem">
  505. <a id="2007-02-08-1"><h1>The front page has changed</h1></a>
  506. <div>
  507. <span class="newsdate">[08-Feb-2007]</span>
  508. <p>
  509. The news on the front page of php.net has changed, the <a href="/conferences/">conference announcements</a> are now located on their own page.
  510. The idea is to keep php.net specific news clear and also opens the door for additional news entries, like for RC releases. More changes are on the way so keep an eye out.
  511. </p>
  512. </div>
  513. </div>
  514. <hr>
  515. <?php news_image("http://conf.phpquebec.com/en/conf2007/", "conference_php_quebec.gif", "PHP Québec conference"); ?>
  516. <div class="newsItem">
  517. <a id="2007-02-07-1"><h1>PHP Québec conference 2007</h1></a>
  518. <div>
  519. <span class="newsdate">[07-Feb-2007]</span>
  520. <p>
  521. PHP Québec is pleased to announce the <a href="http://conf.phpquebec.com/en/conf2007/">fifth edition of the PHP Québec Conference</a>.
  522. The conference will take place in Montréal, Canada on March 14-15-16th 2007. It features 2 days of
  523. <a href="http://conf.phpquebec.com/en/conf2007/horaire">technicals talks</a> and
  524. an additional day of <a href="http://conf.phpquebec.com/en/conf2007/ateliers">workshop</a>.
  525. Among the speakers, the well know PHP experts such has: Rasmus Lerdorf, Andrei
  526. Zmievski, Derick Rethans, Ilia Alshanetsky, John Coggeshall, Damien Séguy, and many more.
  527. </p>
  528. <p>
  529. The conference has three distinct tracks : Advanced Techniques, Data
  530. Availability, PHP: Beyound Theory. With over 35 sessions and workshops, the
  531. PHP Québec Conference is great opportunity to learn about the latest
  532. development and professional techniques to help you build high quality PHP
  533. software and meet with PHP.
  534. </p>
  535. <p>
  536. Special prices are available for all Open Source community members and major
  537. contributors.
  538. </p>
  539. </div>
  540. </div>
  541. <hr>
  542. <div class="newsItem">
  543. <a id="2007-02-03-1"><h1>PHP Manual Updates</h1></a>
  544. <div>
  545. <span class="newsdate">[03-Feb-2007]</span>
  546. <p>The PHP documentation team is proud to present to the PHP community a few fixes and tweaks to the <a href="/manual/en/">PHP Manual</a>, including:</p>
  547. <ul>
  548. <li>an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)</li>
  549. <li>manual pages can now contain images (see <code><a href="/en/function.imagearc">imagearc()</a></code> for an example)</li>
  550. <li>updated function version information and capture system (fewer "no version information, might be only in CVS" messages)</li>
  551. <li>... and more to come!</li>
  552. </ul>
  553. <p>Please <a href="/about.howtohelp">help us improve the documentation</a> by <a href="http://bugs.php.net/">submitting bug reports</a>, and adding notes to undocumented functions.</p>
  554. </div>
  555. </div>
  556. <hr>
  557. <?php news_image("http://www.phpconference.co.uk/", "phplondon2007.png", "PHP London 2007"); ?>
  558. <div class="newsItem">
  559. <a id="2007-01-18-1"><h1>PHP London 2007</h1></a>
  560. <div>
  561. <span class="newsdate">[18-Jan-2007]</span>
  562. <p>
  563. After the success of 2006 the <a href="http://www.phplondon.org/">PHP London user group</a> is staging the <a href="http://www.phpconference.co.uk/">UK's second dedicated PHP conference</a> on Friday, 23 February 2007, in London. The conference will be a low-cost event, costing £50 for the day. Speakers include: Rasmus Lerdorf, Cal Evans, Simon Laws and Kevlin Henney.
  564. </p>
  565. </div>
  566. </div>
  567. <hr>
  568. <?php news_image("http://www.phparch.com/tek", "phptek2007.png", "php|tek 2007"); ?>
  569. <div class="newsItem">
  570. <a id="2007-01-12-1"><h1>Chicago php|tek 2007</h1></a>
  571. <div>
  572. <span class="newsdate">[12-Jan-2007]</span>
  573. <p>
  574. php|architect is proud to announce <a href="http://www.phparch.com/tek">php|tek 2007</a>, which will take place in Chicago, Illinois (USA) on May 16-18, 2007.
  575. </p>
  576. <p>
  577. This year, the conference once again promises to be an excellent event for PHP developers of all levels, with talks from top PHP experts such as Rasmus Lerdorf, Chris Shiflett, Andrei Zmievski, Ilia Alshanetsky, Sara Golemon, and many more.
  578. </p>
  579. </div>
  580. </div>
  581. <?php site_footer(array('elephpants' => true, 'sidebar' => $SIDEBAR_DATA));