Izašao PHP 4.3.0

[ Aleksandar Marković @ 28.12.2002. 15:01 ] @

Changes in Current Version:

* This version finalizes the separate command line interface (CLI) that can be used for developing shell and desktop applications
* A very important "under the hood" feature is the streams API
* This iteration of the build system, among other things, replaces the slow recursive make with one global Makefile and eases the integration of proper dependencies
* GD library is now bundled with the distribution and it is recommended to always use the bundled version
* Vpopmail and cybermut extensions are moved to PECL
* Several deprecated extensions (aspell, ccvs, cybercash, icap) and SAPIs (fastcgi, fhttpd) are removed
* Various security fixes (imap, mysql, mcrypt, file upload, gd, etc)
* Apache2 filter is improved, but is still considered experimental
* Significant improvements in dba, gd, pcntl, sybase, and xslt extensions
* Zend Engine has some fixes and minor performance enhancements

http://www.php.net

[ Goran Rakić @ 28.12.2002. 15:16 ] @

video sam juče, probao sam još i RC varijante. Streamovi su strava.

[ CONFIQ @ 28.12.2002. 17:12 ] @

Meni se sviđa to što greške pokazuje sa linkovima prema php.net-u a ne kontam šta radi funkcija debug_backtrace() ?

[ 01011011 @ 31.12.2002. 11:09 ] @

Meni se svidja sto sam konacno uspio da instaliram ovu verziju :)

[ Goran Rakić @ 04.01.2003. 17:40 ] @

Citat:

A vulnerability in the wordwrap() function has been fixed in the 4.3.0 version of PHP. The buffer overflow could, in theory, allow a malicious attacker to cause PHP to unwittingly execute code of his or her choosing.

If your application uses the wordwrap() function and you run PHP 4.1.2 or above, you may want to consider upgrading to the latest version of PHP, 4.3.0. Applications that do not use wordwrap() should be unaffected (although 4.3.0 is a great upgrade anyway!)

[ CONFIQ @ 17.02.2003. 18:38 ] @

Izašala i 4.3.1 pre 5 min.

Citat:

Description

PHP contains code for preventing direct access to the CGI binary with
configure option "--enable-force-cgi-redirect" and php.ini option
"cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these
options useless.

NOTE: This bug does NOT affect any of the other SAPI modules.
(such as the Apache or ISAPI modules, etc.)

Impact

Anyone with access to websites hosted on a web server which employs
the CGI module may exploit this vulnerability to gain access to any file
readable by the user under which the webserver runs.

A remote attacker could also trick PHP into executing arbitrary PHP code
if attacker is able to inject the code into files accessible by the CGI.
This could be for example the web server access-logs.

Solution

The PHP Group has released a new PHP version, 4.3.1, which incorporates
a fix for the vulnerability. All users of affected PHP versions are
encouraged to upgrade to this latest version. The downloads web site at

http://www.php.net/downloads.php

has the new 4.3.1 source tarballs, Windows binaries and source patch
from 4.3.0 available for download. You will only need to upgrade if
you're using the CGI module of PHP 4.3.0. There are no other bugfixes
contained in this release.

Workaround

None.

Credits

The PHP Group would like to thank Kosmas Skiadopoulos for discovering
this vulnerability.

Copyright (c) 2003 The PHP Group.

[ Vuk Nikolić @ 27.04.2003. 02:02 ] @

na mandrake 9.1 je php 4.3.1. :)

[ Aleksandar Marković @ 23.05.2003. 10:39 ] @

Promene:

http://www.php.net/ChangeLog-4.php