20 Jun 2011, PHP 5.4.0 Alpha 1
- autoconf 2.59+ is now supported (and required) for generating the
configure script with ./buildconf. Autoconf 2.60+ is desirable
otherwise the configure help order may be incorrect. (Rasmus, Chris Jones)
- Removed legacy features:
. break/continue $var syntax. (Dmitry)
. Safe mode and all related ini options. (Kalle)
. register_globals and register_long_arrays ini options. (Kalle)
. import_request_variables(). (Kalle)
. allow_call_time_pass_reference. (Pierrick)
. define_syslog_variables ini option and its associated function. (Kalle)
. highlight.bg ini option. (Kalle)
. Session bug compatibility mode (session.bug_compat_42 and
session.bug_compat_warn ini options). (Kalle)
. session_is_registered(), session_register() and session_unregister()
functions. (Kalle)
. y2k_compliance ini option. (Kalle)
- Moved extensions to PECL: (Johannes)
. ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
not affected)
- Changed $_SERVER['REQUEST_TIME'] to include microsecond precision. (Ilia)
- Changed default value of "default_charset" php.ini option from ISO-8859-1 to
UTF-8. (Rasmus)
- Changed array_combine() to return empty array instead of FALSE when both
parameter arrays are empty. FR #34857. (joel.perras@gmail.com)
- Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
- Changed silent casting of null/''/false into an Object when adding
a property into a warning. (Scott)
- <?= is now always available regardless of the short_open_tag setting (Rasmus)
- General improvements:
. Added multibyte support by default. Previously php had to be compiled
with --enable-zend-multibyte. Now it can be enabled or disabled through
zend.multibyte directive in php.ini. (Dmitry)
. Removed compile time dependency from ext/mbstring (Dmitry)
. Added support for Traits. (Stefan)
. Added closure $this support back. (Stas)
. Added array dereferencing support. (Felipe)
. Added indirect method call through array. FR #47160. (Felipe)
. Added support for object references in recursive serialize() calls.
FR #36424. (Mike)
. Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
. Added header_register_callback() which is invoked immediately
prior to the sending of headers and after default headers have
been added. (Scott)
. Added DTrace support. (David Soria Parra)
. Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
. Improved unserialize() performance.
(galaxy dot mipt at gmail dot com, Kalle)
. Improved unix build system to allow building multiple PHP binary SAPIs and
one SAPI module the same time. FR #53271, FR #52419. (Jani)
. Added optional argument to debug_backtrace() and debug_print_backtrace()
to limit the amount of stack frames returned. (Sebastian, Patrick)
. Added stream metadata API support and stream_metadata() stream class
handler. (Stas)
. User wrappers can now define a stream_truncate() method that responds
to truncation, e.g. through ftruncate(). FR #53888. (Gustavo)
- Improved Zend Engine memory usage: (Dmitry)
. Replaced zend_function.pass_rest_by_reference by
ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
. Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
in zend_function.fn_flags.
. Removed zend_arg_info.required_num_args as it was only needed for internal
functions. Now the first arg_info for internal functions (which has special
meaning) is represented by zend_internal_function_info structure.
. Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
backpatch_count into CG(context) as they are used only during compilation.
. Moved zend_op_array.start_op into EG(start_op) as it's used only for
'interactive' execution of single top-level op-array.
. Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
zend_op_array.fn_flags.
. op_array.vars array is trimmed (reallocated) during pass_two.
. Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
in zend_class_entry.ce_flags.
. Reduced the size of zend_class_entry by sharing the same memory space
by different information for internal and user classes.
See zend_class_entry.info union.
. Reduced size of temp_variable.
- Changed the structure of op_array.opcodes. The constant values are moved from
opcode operands into a separate literal table. (Dmitry)
- Improved Zend Engine, performance tweaks and optimizations: (Dmitry)
. Inlined most probable code-paths for arithmetic operations directly into
executor.
. Eliminated unnecessary iterations during request startup/shutdown.
. Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
(this may affect opcode caches!)
. Improved performance of @ (silence) operator.
. Simplified string offset reading. $str[1][0] is now a legal construct.
. Added caches to eliminate repeatable run-time bindings of functions,
classes, constants, methods and properties.
. Added concept of interned strings. All strings constants known at compile
time are allocated in a single copy and never changed.
. Added an optimization which saves memory and emalloc/efree calls for empty
HashTables. (Stas, Dmitry)
. ZEND_RECV now always has IS_CV as its result.
. ZEND_CATCH now has to be used only with constant class names.
. ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
. Simplified ZEND_FETCH_*_R operations. They can't be used with the
EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
ZEND_FREE might be required after them instead.
. Split ZEND_RETURN into two new instructions ZEND_RETURN and
ZEND_RETURN_BY_REF.
. Optimized access to global constants using values with pre-calculated
hash_values from the literals table.
. Optimized access to static properties using executor specialization.
A constant class name may be used as a direct operand of ZEND_FETCH_*
instruction without previous ZEND_FETCH_CLASS.
. zend_stack and zend_ptr_stack allocation is delayed until actual usage.
- Improved CLI SAPI: (Johannes, Moriyoshi)
. Added command line option --rz <name> which shows information of the
named Zend extension. (Johannes)
. Interactive readline shell improvements: (Johannes)
. Added "cli.pager" php.ini setting to set a pager for output.
. Added "cli.prompt" php.ini setting to configure the shell prompt.
. Added shortcut #inisetting=value to change ini settings at run-time.
. Changed shell not to terminate on fatal errors.
. Interactive shell works with shared readline extension. FR #53878.
- Improved FastCGI SAPI: (Dmitry)
. Added apache compatible functions: apache_child_terminate(),
getallheaders(), apache_request_headers() and apache_response_headers()
. Improved performance of FastCGI request parsing.
- Improved core functions:
. number_format() no longer truncates multibyte decimal points and thousand
separators to the first byte. FR #53457. (Adam)
. Added hex2bin() function. (Scott)
- Improved CURL extension:
. Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)
- Improved Date extension:
. Added the + modifier to parseFromFormat to allow trailing text in the
string to parse without throwing an error. (Stas, Derick)
- Improved DBA extension:
. Added Tokyo Cabinet abstract DB support. (Michael Maclean)
. Added Berkeley DB 5 support. (Johannes, Chris Jones)
- Improved filesystem functions:
. scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
FR #53407. (Adam)
- Improved HASH extension:
. Added Jenkins's one-at-a-time hash support. (Martin Jansen)
. Added FNV-1 hash support. (Michael Maclean)
. Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)
- Improved intl extension:
. Added Spoofchecker, allows checking for visibly confusable characters and
other security issues. (Scott)
- Improved JSON extension:
. Added JsonSerializable interface. (Sara)
. Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
(Sara)
. Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
numeric strings to integers. (Ilia)
. Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
. Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)
- Improved LDAP extension:
. Added paged results support. FR #42060. (ando@OpenLDAP.org,
- Improved MySQL extensions:
. MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
. mysqlnd: Added named pipes support. FR #48082. (Andrey)
. MySQLi: Added iterator support in MySQLi. mysqli_result implements
Traversable. (Andrey, Johannes)
. PDO_mysql: Removed support for linking with MySQL client libraries older
than 4.1. (Johannes)
- Improved OpenSSL extension:
. Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
. Added a "no_ticket" SSL context option to disable the SessionTicket TLS
extension. FR #53447. (Adam)
. Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)
- Improved PDO DB-LIB: (Stanley)
. Added nextRowset support.
. Fixed bug #50755 (PDO DBLIB Fails with OOM).
- Improved PostgreSQL extension:
. Added support for "extra" parameter for PGNotify().
(r dot i dot k at free dot fr, Ilia)
- Improved Reflection extension: (Johannes)
. Added ReflectionExtension::isTemporary() and
ReflectionExtension::isPersistent() methods.
. Added ReflectionZendExtension class.
. Added ReflectionClass::isCloneable(). (Felipe)
- Improved Session extension:
. Added support for storing upload progress feedback in session data. (Arnaud)
. Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
either is present at compile time. (Rasmus)
- Improved SPL extension:
. Added RegexIterator::getRegex() method. (Joshua Thijssen)
. Added SplObjectStorage::getHash() hook. (Etienne)
. Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)
- Improved XSL extension:
. Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
define forbidden operations within XSLT stylesheets, default is not to
enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)
- Improved ZLIB extension:
. Re-implemented non-file related functionality. (Mike)
- Improved SNMP extension (Boris Lytochkin):
. Added OO API. FR #53594 (php-snmp rewrite).
. Sanitized return values of existing functions. Now it returns FALSE on
failure.
. Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
upon request.
. Introducing unit tests for extension with ~full coverage.
IPv6 support. (FR #42918)
. Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
not specified) or SNMP_VALUE_PLAIN. (FR #54502)
. Fixed bugs
. #44193 (snmp v3 noAuthNoPriv doesn't work)
. #45893 (Snmp buffer limited to 2048 char)
. #46065 (snmp_set_quick_print() persists between requests)
. #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly)
. #53862 (snmp_set_oid_output_format does not allow returning to default)
=================================================================================================================================================================
14 Jul 2011, PHP 5.4.0 Alpha 2
- General improvements:
. Zend Signal Handling. (Lucas Nealan,Arnaud Le Blanc,Brian Shire, Ilia)
- Improved Zend Engine
. Improved parse error messages. (Felipe)
- Improved CLI SAPI:
. Added built-in web server that is intended for testing purpose.
(Moriyoshi)
- Improved PHP-FPM SAPI:
. Added partial syslog support (on error_log only). FR #52052. (fat)
. Lowered default value for Process Manager. FR #54098. (fat)
. Enhance security by limiting access to user defined extensions.
FR #55181. (fat)
- Improved core functions:
. Changed http_response_code() to be able to set a response code. (Kalle)
. Fixed crypt_blowfish handling of 8-bit characters. (Stas) (CVE-2011-2483)
. Fixed bug#55084 (Function registered by header_register_callback is
called only once per process). (Hannes)
- Improved DOM extension:
. Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com)
- OpenSSL extension:
. Use php's implementation for Windows Crypto API in
openssl_random_pseudo_bytes. (Pierre)
=================================================================================================================================================================
04 Aug 2011, PHP 5.4.0 Alpha 3
- Added features:
. Short array syntax, see UPGRADING guide for full details
(rsky0711 at gmail . com, sebastian.deutsch at 9elements . com, Pierre)
. Binary numbers format (0b001010). (Jonah dot Harris at gmail dot com)
. Support for Class::{expr}() syntax (Pierrick)
- Removed features:
. Removed magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
but always return false, set_magic_quotes_runtime raises an
E_CORE_ERROR. (Pierrick, Pierre)
- Changed E_ALL to include E_STRICT. (Stas)
- Improved core functions
. Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
(Pierre)
- Improved PHP-FPM SAPI:
. Added process.max to control the number of process FPM can fork. FR #55166.
(fat)
. Dropped restriction of not setting the same value multiple times, the last
one holds. (giovanni at giacobbi dot net, fat)
- SPL extension:
. Added missing class_uses(..) as pointed out by #55266 (Stefan)
. Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
(sasezaki at gmail dot com, salathe)
=================================================================================================================================================================
15 Sep 2011, PHP 5.4.0 Beta1
- General improvements:
. Added callable typehint. (Hannes)
. Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
. Turn on html_errors by default again in php.ini-production like it was in
PHP 5.3, but only generate docref links when the docref_root INI setting is
not empty. (Derick)
. Fixed bug #55378: Binary number literal returns float number though its
value is small enough. (Derick)
. Added support for SORT_NATURAL and SORT_FLAG_CASE in array
sort functions (sort, rsort, ksort, krsort, asort, arsort and
array_multisort). FR#55158 (Arpad)
. Disable windows CRT warning by default, can be enabled again using the ini
directive windows_show_crt_warnings. (Pierre)
. Removed support for putenv("TZ=..") for setting the timezone. (Derick)
. Removed the timezone guessing algorithm in case the timezone isn't set with
date.timezone or date_default_timezone_set(). Instead of a guessed
timezone, "UTC" is now used instead. (Derick)
- Improved MySQL extensions:
. ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)
- Improved mbstring extension:
. Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
. Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
support. (Rui)
. Ill-formed UTF-8 check for security enhancements. (Rui)
. Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
. Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
. Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
support. (Rui)
. Added the user defined area for CP936 and CP950 (Rui).
- Improved Reflection extension:
. Added ReflectionClass::newInstanceWithoutConstructor() to create a new
instance of a class without invoking its constructor. FR #55490.
(Sebastian)
- Improved intl extension:
. Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)
- Improved JSON extension:
. Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
(Alexander, Gwynne)
- Improved CLI SAPI:
. Added friendly log messages - FR #55109 (Arpad)
- Improved readline extension:
. Fixed bug #54450 (Enable callback support when built against libedit).
(fedora at famillecollet dot com, Hannes)
- Improved Session extension:
. Expose session status via new function, session_status (FR #52982) (Arpad)
. Added support for object-oriented session handlers. (Arpad)
- Improved SPL extension:
. Immediately reject wrong usages of directories under Spl(Temp)FileObject
and friends. (Etienne, Pierre)
- Improved XSL extension:
. XSL doesn't stop transformation anymore, if a PHP function can't be called
(Christian)
=================================================================================================================================================================
20 Oct 2011, PHP 5.4.0 beta2
- General improvements:
. Improve the warning message of incompatible arguments. (Laruence)
. Improve ternary operator performance when returning arrays. (Arnaud, Dmitry)
- Core:
. Fixed bug #55801 (Behavior of unserialize has changed). (Mike)
. Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
. Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
parisc). (Felipe)
. Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault).
(Felipe, Laruence)
. Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
. Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
. Fixed bug #55825 (Missing initial value of static locals in trait methods).
(Laruence)
. Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)
- Openssl
. Revert r313616 (When we have a blocking SSL socket, respect the timeout
option, scottmac), breaks ssl support as described in bugs #55283 and #55848
- PDO DBlib driver:
. Fixed bug #60033 (Incorrectly merged PDO dblib patches break
uniqueidentifier column type). (warezthebeef at gmail dot com)
- Sysvshm
. Fixed bug #55750 (memory copy issue in sysvshm extension).
(Ilia, jeffhuang9999 at gmail dot com)
- Zlib:
. Fixed bug #55544 (ob_gzhandler always conflicts with
zlib.output_compression). (Mike)
- SPL:
. FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
the default stream context. (Hannes)
. Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
(jgotti at modedemploi dot fr, Hannes)
- CLI SAPI:
. Fixed bug #55726 (Changing the working directory makes router script
inaccessible). (Laruence)
. Fixed bug #55747 (request headers missed in $_SERVER). (Laruence)
. Fixed bug #55755 (SegFault when outputting header WWW-Authenticate). (Laruence)
- Litespeed SAPI:
. Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)
- Fileinfo:
. Fixed bug #60094 (C++ comment fails in c89). (Laruence)
=================================================================================================================================================================
11 Nov 2011, PHP 5.4.0 RC1
- General improvements:
. Changed silent conversion of array to string to produce a notice. (Patrick)
. Added class member access on instantiation (e.g. (new foo)->bar()) support.
(Felipe)
- CLI SAPI:
. Fixed bug #60112 (If URI does not contain a file, index.php is not served).
(Laruence)
. Fixed bug #60115 (memory definitely lost in cli server). (Laruence)
. Fixed bug #60146 (Last 2 lines of page not being output). (Laruence)
. Fixed bug #60180 ($_SERVER["PHP_SELF"] incorrect). (Laruence)
. Fixed bug #60189 (php logo can not be displayed). (Laruence)
- Core:
. Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when
the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
. Fixed bug #60174 (Notice when array in method prototype error).
(Laruence)
. Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
(Laruence)
. Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
is_a and is_subclass_of). (alan_k)
- Oracle Database extension (OCI8):
. Increased maximum Oracle error message buffer length for new 11.2.0.3 size
(Chris Jones)
. Improve internal initalization failure error messages (Chris Jones)
- SPL extension
. Reverted changes that required constructor overrides to invoke the parent
constructor in several SPL classes and applied 5.3 fixes instead.
Related bugs: #54384, #55175 and #55300.
. Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
argument via Reflection). (Peter)
- Tokenizer extension
. Fixed bug #54089 (token_get_all with regards to __halt_compiler is
not binary safe). (Nikita Popov)
- SAPI:
. Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
=================================================================================================================================================================
24 Nov 2011, PHP 5.4.0 RC2
- Core:
. Fixed bug #60227 (header() cannot detect the multi-line header with
CR(0x0D)). (rui)
. Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
. Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
(klightspeed at netspace dot net dot au)
. Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent
directory). (Felipe)
. Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
(CVE-2011-4153). (Stas)
. Fixed invalid free in call_user_method() function. (Felipe)
- Zend Engine:
. Fixed bug #43200 (Interface implementation / inheritence not possible in
abstract classes). (Felipe)
- CLI SAPI:
. Fixed bug #60159 (Router returns false, but POST is not passed to requested
resource). (Laruence)
. Fixed bug #55759 (memory leak when using built-in server). (Laruence)
- Improved PHP-FPM SAPI:
. Enhance error log when the primary script can't be open. FR #60199. (fat)
. Remove EXPERIMENTAL flag. (fat)
. Added .phar to default authorized extensions. (fat)
- BCmath:
. Fixed bug #60377 (bcscale related crashes on 64bits platforms) (shm)
- Fileinfo:
. Fixed possible memory leak in finfo_open(). (Felipe)
. Fixed memory leak when calling the Finfo constructor twice. (Felipe)
- Intl:
. Fixed memory leak in several Intl locale functions. (Felipe)
- Mbstring
. Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
(Laruence)
. Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)
- MS SQL:
. Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)
- OpenSSL:
. Fixed bug #60279 (Fixed NULL pointer dereference in
stream_socket_enable_crypto, case when ssl_handle of session_stream is not
initialized.) (shm)
- Oracle Database extension (OCI8):
. Fixed bug #59985 (show normal warning text for OCI_NO_DATA)
(Chris Jones)
- Output:
. Fixed bug #60321 (ob_get_status(true) no longer returns an array when
buffer is empty). (Pierrick)
. Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
(Laruence)
- Reflection:
. Fixed bug #60357 (__toString() method triggers E_NOTICE "Array to string
conversion"). (Laruence)
- SOAP extension:
. Added new SoapClient option "keep_alive". FR #60329. (Pierrick)
- Tidy:
. Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
(Maksymilian Arciemowicz, Felipe)
=================================================================================================================================================================
08 Dec 2011, PHP 5.4.0 RC3
- Core:
. Fixed bug #60444 (Segmentation fault with include & class extending).
(Laruence, Dmitry).
. Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
(php at mickweiss dot com)
. Fixed bug #60240 (invalid read/writes when unserializing specially crafted
strings). (Mike)
. Implement FR #54514 (Get php binary path during script execution).
(Laruence)
- CLI SAPI:
. Implement FR #60390 (Missing $_SERVER['SERVER_PORT']). (Pierre)
- cURL:
. Fixed bug #60439 (curl_copy_handle segfault when used with
CURLOPT_PROGRESSFUNCTION). (Pierrick)
- Intl:
. Added support for UTS #46. (Gustavo)
- OpenSSL:
. On error in openssl_random_pseudo_bytes() make sure we set strong result
to false. (Scott)
- Reflection:
. Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
=================================================================================================================================================================
22 Dec 2011, PHP 5.4.0 RC4
- Core:
. Added max_input_vars directive to prevent attacks based on hash collisions
(Dmitry).
. Fixed bug #60536 (Traits Segfault). (Laruence)
. Fixed bug #60362 (non-existent sub-sub keys should not have values).
(Laruence, alan_k, Stas)
. Fixed bug #60558 (Invalid read and writes). (Laruence)
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404). (Laruence)
. Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
SAPI). (Laruence, Derick)
- OpenSSL:
. Fix segfault with older versions of OpenSSL. (Scott)
- Pdo Firebird:
. Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
(Mariuz)
=================================================================================================================================================================
07 Jan 2012, PHP 5.4.0 RC5
- Core:
. Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
. Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
. Fixed bug #55871 (Interruption in substr_replace()). (Stas)
. Fixed bug #60627 (httpd.worker segfault on startup with php_value).
(Laruence)
- SAPI:
. Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
(Stas)
. Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)
- CLI SAPI:
. Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)
- Intl:
. Fixed build on Fedora 15 / Ubuntu 11. (Hannes)
- PHP-FPM SAPI:
. Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
(fat)
. Fixed bug #60659 (FPM does not clear auth_user on request accept).
(bonbons at linux-vserver dot org)
- Improved Session extension:
. Fixed bug #60640 (invalid return values). (Arpad)
. Implement FR #60551 (session_set_save_handler should support a core's
session handler interface). (Arpad)
=================================================================================================================================================================
19 Jan 2012, PHP 5.4.0 RC6
- Core:
. Restoring $_SERVER['REQUEST_TIME'] as a long and introducing
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
. Fixed bug #60768 (Output buffer not discarded) (Mike)
- Hash
. Fixed bug #60221 (Tiger hash output byte order) (Mike)
. Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
- Pdo Firebird:
. Fixed bug #47415 (segfaults when passing lowercased column name to
bindColumn). (Mariuz)
. Fixed bug #53280 (segfaults if query column count less than param count).
(Mariuz)
- SNMP:
. Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
is disabled). (Boris Lytochkin)
. Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
from hostname). (Boris Lytochkin)
=================================================================================================================================================================
02 Feb 2012, PHP 5.4.0 RC 7
- Core:
. Fix bug #60895 (Possible invalid handler usage in windows random
functions). (Pierre)
. Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
. Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
(Dmitry)
- OpenSSL:
. Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389. (Scott)
- Session:
. Fixed bug #60860 (session.save_handler=user without defined function core
dumps). (Felipe)
- SOAP:
. Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
Комментариев нет:
Отправить комментарий