PHP 5.2.12 Released!

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: - Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) - Added "max_file_uploads" INI directive, whic

PHP 5.2.11 Released!

The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.11: Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia) Fixed sanity check for the color index in imagecolortransparent(). (Pierre) Added missing sanity checks around exif processing. (Ilia) Fixed bu

PHP 5.2.10 Released!

The PHP development team would like to announce the immediate availability of PHP 5.2.10. This release focuses on improving the stability of the PHP 5.2.x branch with over 100 bug fixes, one of which is security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.10: Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). Key enhancements in PHP 5.2.10 include: Added "ignore_errors" option to http fopen wrapper. Fixed memory corruptions while reading properties of zip files. Fixed

PHP 5.2.7 Released

The PHP development team would like to announce the immediate availability of PHP 5.2.7. This release focuses on improving the stability of the PHP 5.2.x branch with over 170 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.7: * Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) * Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. * Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). * Fixed a possible

PHP 4.4.8 Released!

Hello! The PHP development team would like to announce the immediate availability of PHP 4.4.8. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last normal PHP 4.4 release. If necessary, releases to address security issues could be made until 2008-08-08. A separate release announcement is also available. For changes in PHP 4.4.8 since PHP 4.4.7, please consult the PHP 4 ChangeLog.

PHP 5.2.3 Released

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.3 - ------------------------------------

PHP 4.4.6 Released!

Hello! The PHP development team would like to announce the immediate availability of PHP 4.4.6. This release addresses a crash problem with the session extension when register_globals is turned on that was introduced in PHP 4.4.6. This release comes also with the new version 7.0 of PCRE and it addresses a number of minor bugs. A separate release announcement is also available. For changes in PHP 4.4.6 since PHP 4.4.5, please consult the PHP 4 ChangeLog. Release Announcement: http://www.php.net/release_4_4_6.php Downloads: http://www.php.net/downloads.php#v4 Ch

PHP 5.2.1 Released!

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The PHP development team would like to announce the immediate availability of PHP 5.2.1. This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible. Security Enhancements and Fixes in PHP 5.2.1: * Fixed possible safe_mode & open_basedir bypasses inside the session extension. * Prevent searchs engine from indexing the phpinfo() page. * Fixed a number of input processing bugs inside the filter extension. * Fixed unserialize() abuse o

PHP 4.4.4 and 5.1.5 Released!

Hello, PHP development team would like to announce the immediate availability of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of security problems discovered since PHP 5.1.4 and 4.4.3, respectively. These include the following: - Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. - Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache. - Fixed overflow in GD ext

PHP 4.4.2 released!

Hello! The PHP Development Team would like to announce the immediate release of PHP 4.4.2. This is a maintenance release that addresses a number of minor security problems and fixes a few regressions that shown up in PHP 4.4.1. All users of PHP 4 are recommended to upgrade to PHP 4.4.2. A separate release announcement is also available. For changes in PHP 4.4.2 since PHP 4.4.1, please consult the PHP 4 ChangeLog. Release Announcement: http://www.php.net/release_4_4_2.php Downloads: http://www.php.net/downloads.php#v4 Changelog: http://www.php.net/Chang

PHP 5.1.1 Released!

The PHP Development Team would like to announce the immediate release of PHP 5.1.1. This is a regression correction release aimed at addressing several issues that may cause issues for some applications. The main fixes found in this release include the following: * Native date class is withdrawn to prevent namespace conflict with PEAR's date package. * Fixed fatal parse error when the last line of the script is a PHP comment. * eval() hangs when the code being evaluated ends with a comment. * Usage of \{$var} in PHP 5.1.0 resulted in the output of {$var} instead of the $var varia

PHP 4.4.1 has been released

Hello! PHP 4.4.1 is now available for download [1]. This version is a maintenance release, that contains numerous bug fixes, including a number of security fixes related to the overwriting of the GLOBALS array. All users of PHP 4.3 and 4.4 are encouraged to upgrade to this version. The full list of changes in PHP 4.4.1 is available in the PHP 4 ChangeLog [2] and a list with the most important changes is available through the release announcement [3]. [1] http://php.net/downloads.php#v4 [2] http://php.net/ChangeLog-4.php#4.1.1 [3] http://php.net/release_4_4_1.php regar

PHP 4.3.11 & 5.0.4 Released!

The PHP Development Team would like to announce the immediate release of PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition to fixing over 70 non-critical bugs, address several security issues. The addressed security issues include fixes to the exif and fbsql extensions, as well as fixes to unserialize(), swf_definepoly() and getimagesize(). All users of PHP are strongly encouraged to upgrade to this release. Aside from the above mentioned issues this release includes the following important fixes: * Crash in bzopen() if supplied path to non-existent fi

PHP 5.0.2 Released

The PHP Development Team is proud to announce the immediate release of PHP 5.0.2. This is a maintenance release that in addition to many non-critical bug fixes, addresses a problem with GPC input processing. All Users of PHP 5 are encouraged to upgrade to this release as soon as possible. For changes since PHP 5.0.1, please consult the Changelog (http://www.php.net/ChangeLog-5.php#5.0.2) Enjoy, PHP Development Team

PHP 5.0.1 Released!

The PHP Development Team is glad to announce the release of PHP 5.0.1. This release is a maintenance release consisting mainly of bug fixes. It also includes new installation docs which are now auto-generated directly from the PHP Manual (INSTALL in the UNIX source package, install.txt in the Windows binary distribution both available at http://www.php.net/downloads.php) A full list of changes can be found at http://www.php.net/ChangeLog-5.php#5.0.1 Enjoy, PHP Development Team

PHP 4.3.8 Released

=2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP Development Team is would like to announce the immediate availability o= f=20 PHP 4.3.8. This release is made in response to several security issues that= =20 have been discovered since the 4.3.7 release. All users of PHP are strongly= =20 encouraged to upgrade to PHP 4.3.8 as soon as possible. PHP 5.0 is not affected by these security issues. PHP Development Team. =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFA9GOeLKekh381/CERAhLXAKCMNvmY4sMDZmG0ZydKRMq0TNNxrwCgncWS 0jUmaBrYXP6PKDlI2T9lGLo=3D

PHP 4.3.6 Released

PHP Development Team is proud to announce the release of PHP 4.3.6. This is is a bug fix release whose primary goal is to address two bugs which may result in crashes in PHP builds with thread-safety enabled. All users of PHP in a threaded environment (Windows) are strongly encouraged to upgrade to this release. Aside from the above mentioned issues this release includes the following important fixes: - Updated bundled PDFLib library to version 5.0.3p1 in Windows distribution. - Synchronized bundled GD library with GD 2.0.22. - Fixed bugs that prevented building of GD extensio

PHP 5 Release Candidate 1

The PHP development team is proud to announce the release of PHP 5 Release Candidate 1. Some of the key features of PHP 5 include: - The Zend Engine II with a new object model and dozens of new features. - XML support has been completely redone in PHP 5, all extensions are now focused around the excellent libxml2 library (http://www.xmlsoft.org/). - A new MySQL extension named MySQLi for developers using MySQL 4.1 and later. Additionally to a functional interface this new extension also includes an object-oriented interfaced and support for many of MySQL's new features such as

PHP 4.3.4 Released

PHP 4.3.4 has been released. The focus of this release was the resolution of bugs and at the time of release some 70 bugs were resolved. All users are encouraged to upgrade to 4.3.4. PHP 4.3.4 contains, among others, following important fixes: * Fixed disk_total_space() and disk_free_space() under FreeBSD. * Fixed FastCGI being unable to bind to a specific IP. * Fixed several bugs in mail() implementation on win32. * Fixed crashes in a number of functions. * Fixed compile failure on MacOSX 10.3 Panther. Enjoy, PHP Development Team.

PHP 4.3.3 released

=2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After a lengthy QA process, PHP 4.3.3 is finally out! This maintenance release solves a fair number of bugs found in prior PHP versions and addresses several security issues. All users are *strongly* advised to upgrade to 4.3.3 as soon as possible. PHP 4.3.3 contains, among others, following important fixes, additions and improvements: * Improved the engine to use POSIX/socket IO where feasible. * Fixed several potentially hazardous integer and buffer overflows. * Fixed corruption of multibyte character including 0x5c as second by

PHP 4.3.2 released

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After a lengthy QA process, PHP 4.3.2 is finally out! This maintenance release solves a lot of bugs found in earlier PHP versions and is a *strongly* recommended upgrade for all PHP users. PHP 4.3.2 contains, among others, following important fixes, additions and improvements: * Fixes several potentially hazardous integer and buffer overflows. * Fixes for several 64-bit problems. * New Apache 2.0 SAPI module (sapi/apache2handler, enabled with --with-apxs2). * New session_regenerate_id() function. (Imp

PHP 4.2.3 released

PHP 4.2.3 has been released. It is a maintenance release and includes a large number of fixes for the previous 4.2.2 version. 4.2.3 is a recommended upgrade for all users of PHP, and particularly Windows users. Full list of changes: - Enabled strcoll() on win32. (Markus) - Fixed possible ASCII control char injection in mail(). (Stefan Esser) - Fixed a potential crash bug in import_request_variables() (Zeev) - Fixed several problems with directory functions on Windows. (Steph) - Fixed xbithack bug in Apache module. (Rasmus) - Fixed a bug that prevented touch() from working on var

PHP 4.2.0 Release Announcement

The PHP Group is happy to announce the immediate availability of PHP 4.2.0, the latest version of the widely-used, general-purpose scripting language that is especially well-suited for Web development. This latest release contains over one hundred changes, bug fixes and improvements over the previous release, PHP 4.1.2. Among the highlights are experimental support for Apache 2, cleanups in variable handling and overhauls of various PHP components, including the domxml, posix, sockets and iconv extensions. For more information, see below: -------------------------------

PHP 4.1.0 released

After a lengthy QA process, PHP 4.1.0 is finally out. Download at http://www.php.net/downloads.php ! PHP 4.1.0 includes several other key improvements: - A new input interface for improved security (read below) - Highly improved performance in general - Revolutionary performance and stability improvements under Windows. The multithreaded server modules under Windows (ISAPI, Apache, etc.) perform as much as 30 times faster under load! We want to thank Brett Brewer and his team in Microsoft for working with us to improve PHP for Windows. - Versioning support for extensions. Ri

PHP-GTK v0.1 released

PHP-GTK version 0.1 "the void which binds" has been released. It can be downloaded from http://gtk.php.net/. The changes in this version include: - added GDK keysyms constants. - fixed bug with GtkStyle::copy() that was not returning the result properly. - implemented support for struct based classes (GdkRectangle, GtkAllocation, GtkRequisition, etc). - finished drag-n-drop support. - ported Scribble example from C. - modified GdkWindow::get_pointer() to be simpler, without XInput support. - changed 'area' event property to be a GdkRectangle.

[ANNOUNCE] PHP 4.0.4 released

The PHP Group is pleased to announce the release of the fourth maintenance release of PHP 4.0. The PHP Group has adopted extended procedures to improve the overall quality and reliability of the release process and the resulting software. This release has undergone strict testing by our new QA team to ensure that this is the most stable release ever on all supported platforms. It includes improvements for a large number of defects and numerous enhancements in the PHP core, the language implementation and extensions. The source distribution is immediately availabl

PHP 4.0.3 released

PHP 4.0.3 has been released. 4.0.3 is mostly a security-oriented maintenance release, therefore it's *strongly* recommended for all users of PHP to upgrade to it. Source: http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz Win32 binaries: http://www.php.net/do_download.php?download_file=php-4.0.3-Win32.zip You'd notice that the 4.0.3 Win32 distribution is beefed up with a lot of loadable modules. The extensive build is courtesy of Daniel Beulshausen - thanks! The full list of changes is enclosed. Zeev 11 Oct 2000, Version 4.0.3 - Fixed a possible cr

PHP 4.0.2 Released

PHP 4.0.2 has been released. This is a maintenance version, with no big=20 revolutions. It mostly features many bug fixes, some new functionality,=20 and increased performance under certain circumstances. Users that are=20 happy with PHP 4.0.1pl2 that aren't experiencing any of the problems that=20 were fixed, and don't need the new functionality, don't necessarily have to= =20 upgrade - even though 4.0.2 is a recommended upgrade. As for PHP 3.0 users, well, time to sync in :) I'd like to take this=20 opportunity to strongly urge people to upgrade to PHP 4.0. The number of=20 r

PHP 4.0.0 Released

After over one and a half years of development, PHP 4.0.0 has finally been released. The amount of improvements is so huge that there's no chance I'll even remember a fragment of them. Suffice to say that it's definitely worth the upgrade! http://www.php.net/ Enjoy! Zeev -- Zeev Suraski <zeev@zend.com> http://www.zend.com/

PHP 4.0RC2 released

The PHP Group is proud to announce the release of the second release candidate of the upcoming PHP 4.0. Highlights of this release include support for new web servers (Zeus, Netscape Enterprise Server, Apache Win32), improved portability of the Unix build framework and tons of bug fixes. We expect this to be the final release candidate before the release of PHP 4.0. The source tarball and a Win32 binary build are available immediately from the PHP homepage. http://www.php.net/version4/ The NEWS file contains all user-visible

PHP 3.0.15 released

February 25, 2000. PHP 3.0.15 fixes a couple of issues and addresses some security concerns. If you are using PHP's safe mode feature, you are urged to upgrade to the latest release. More information will be posted later. PHP 3.0.15 is available in source form and binary form (for Win32). Download URL: <URL:http://www.php.net/download-php.php3> Mirrors: <URL:http://www.php.net/mirrors.php3> Changes since 3.0.14: - Fixed crash in preg_match_all(). (Andrei) - Backported safe_mode_protected_env_vars and s

PHP Template Engine Request For Participation

Hello, I have set up a mailing list to discuss the design for the built-in PHP template engine. To read the introduction to the proposed design, point your browsers to http://va.php.net/~andrei/tpl-engine.txt. If you would like to participate, join the list by sending email to php-template-subscribe@lists.php.net. See you there! -Andrei "C combines all the power of assembly language with all the ease of use of assembly language" -- trad

MySQL module for the Win32 PHP 4 Beta 3 binaries posted!

Win32 users, You can download the MySQL module for the Win32 Beta 3 from http://www.php.net/version4/downloads.php Andi --- Andi Gutmans <andi@zend.com> http://www.zend.com/

PHP 4.0b3 released

After three more months of development, PHP 4.0b3 is released. The highlights are Java support, new build system (for UNIX), support for multi-dimensional get/post/cookie data, object (de)serialization, AOLserver support and a new and faster way of passing function parameters is now used by the bundled extensions. There is of course a ton of other bux fixes and improvements too. Get it from http://www.php.net/version4/downloads.php From the NEWS (previously ChangeLog) file: November 16 1999, Version 4.0 Beta 3 - ucfirst()/ucwords() no longer modify arg1. (Thies) - Fixed strtr(

PHP 4.0 Beta 2 binaries for Win32 released

A little later than announced, I finally took the time to work on the Win32 distribution of Beta 2. A couple of bugs that prevented Beta 1 from successfully loading dynamic modules have been fixed, and one sample dynamic module has been packaged (MySQL). Another new feature is that the package now includes installation instructions for IIS 4.0. Get it while it's hot - http://www.php.net/version4/downloads.php Zeev P.S.: I did my best to include all the necessary files in the distribution. However, since my box is a development box and has many libraries and packages

PHP 3.0.12 Released

Nothing major in this release. Mostly bug fixes. Support for the new gd-1.6, Internet Time, FreeType2 support, Max OS X build fixes, LDAP error functions, some new imap functions, socket io bug fixes, RH6 apxs build fix and support for the upcoming Apache-1.3.7. See the ChangeLog for a full list of the changes. -Rasmus

ANN: PHP Knowledge Base and Mailing List

The PHP Knowledge Base and it's associated mailing list are now operational! The knowledge base is a growing collection of PHP related information in a searchable question and answer format. Anyone can contribute, and everyone is encouraged to do so. Visit the knowledge base at: http://e-gineer.com/phpkb/ This daily announce style mailing list is aimed at PHP developers who want to stay in touch but do not like receiving 100+ emails each day. Each message will consist of 4 parts: - intro with a focus on interesting developments on the main list - a summary of new kn

PHP 3.0.10 Released June 25th

PHP Version 3.0.10 has been released (both as source and Windows binaries). Many more bug fixes, including the last of the fsockopen() and URL fopen() problems, we hope. The dbm database abstraction layer had the mode flag for dba_open() brought into line with dbm_open(), which means "w" will not create a non-existent database (use "c" instead). The documentation has also been moved into its own repository, and the generated HTML documentation is included in the tar.gz instead of the SGML source. The complete ChangeLog from 3.0.9 is below. A reminder: We've created a new mailing li

testing.

Just testing. Jim