PHP 5.5.35 发布了,这是一个安全补丁版本,修复了很多安全相关的问题,所有 PHP 5.5 的用户建议尽快升级。
源码下载请访问 downloads page ,Windows 二进制版本下载 windows.php.net/download/ 。
完整的改进记录请看 ChangeLog 。
-
Core:
-
Fixed bug #69537 (__debugInfo with empty string for key gives error).
-
Fixed bug #71841 (EG(error_zval) is not handled well).
-
BCmath:
-
Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition).
-
Curl:
-
Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
-
Date:
-
Fixed bug #71889 (DateInterval::format Segmentation fault).
-
EXIF:
-
Fixed bug #72094 (Out of bounds heap read access in exif header processing).
-
GD:
-
Fixed bug #71952 (Corruption inside imageaffinematrixget).
-
Fixed bug #71912 (libgd: signedness vulnerability).
-
Intl:
-
Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset).
-
OCI8:
-
Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column).
-
ODBC:
-
Fixed bug #63171 (Script hangs after max_execution_time).
-
Opcache:
-
Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
-
PDO:
-
Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
-
Fixed bug #71447 (Quotes inside comments not properly handled).
-
Postgres:
-
Fixed bug #71820 (pg_fetch_object binds parameters before call constructor).
-
SPL:
-
Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()).
-
Standard:
-
Fixed bug #71840 (Unserialize accepts wrongly data).
-
Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined).
-
XML:
-
Fixed bug #72099 (xml_parse_into_struct segmentation fault).