Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP 5.6.0 Released

Posted by timothy on from the still-hard-to-pronounce dept.

An anonymous reader writes The PHP team has announced the release of PHP 5.6.0. New features include constant scalar expressions, exponentiation using the ** operator, function and constant importing with the use keyword, support for file uploads larger than 2 GB, and phpdbg as an interactive integrated debugger SAPI. The team also notes important changes affecting compatibility. For example: "Array keys won't be overwritten when defining an array as a property of a class via an array literal," json_decode() is now more strict at parsing JSON syntax, and GMP resources are now objects. Here is the migration guide, the full change log, and the downloads page.

1 of 118 comments (clear)

  1. 24 CVE fixes in one language system release by mr_mischief · · Score: 3, Interesting

    Here are the lines matching for grep -P 'CVE-\d{4}-\d+':

    Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981)
    Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
    Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
    Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
    Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
    Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
    Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
    Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
    Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
    Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
    Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
    Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943)
    Fixed bug #66820 (out-of-bounds memory access in fileinfo). (CVE-2014-2270)
    Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
    Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration). (CVE-2014-0185)
    Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
    Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
    Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (CVE-2013-7226)
    Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer). (CVE-2013-7327)
    Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
    Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)
    Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
    Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
    Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515)

    That's not the applications written in PHP, mind you. That's the language system.