true]); ?>

News Archive - 2010

Here are the most important news items we have published in 2010 on PHP.net.


PHP 5.2.16 Released!

[16-Dec-2010]

The PHP development team would like to announce the immediate availability of PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

This release focuses on addressing a regression in open_basedir implementation introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data retrieval when the server is down. All users who have upgraded to 5.2.15 and are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or 5.3.4.

To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.16 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.16.


PHP 5.3.4 Released!

[10-Dec-2010]

The PHP development team is proud to announce the immediate release of PHP 5.3.4. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:

  • Fixed crash in zip extract method (possible CWE-170).
  • Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
  • Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
  • Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
  • Fixed possible flaw in open_basedir (CVE-2010-3436).
  • Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
  • Fixed symbolic resolution support when the target is a DFS share.
  • Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:

  • Added stat support for zip stream.
  • Added follow_location (enabled by default) option for the http stream support.
  • Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
  • Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
  • Multiple improvements to the FPM SAPI.
  • Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.


PHP 5.2.15 Released!

[09-Dec-2010]

The PHP development team would like to announce the immediate availability of PHP 5.2.15. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

This release focuses on improving the security and stability of the PHP 5.2.x branch with a small number, of predominatly security fixes.

Security Enhancements and Fixes in PHP 5.2.15:

  • Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
  • Fixed crash in zip extract method (possible CWE-170).
  • Fixed a possible double free in imap extension.
  • Fixed possible flaw in open_basedir (CVE-2010-3436).
  • Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
  • Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).

Key enhancements in PHP 5.2.15 include:

  • Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
  • Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).

To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.15 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.15.


Confoo

[08-Nov-2010]

PHP Quebec is pleased to announce the 2011 edition of the http://confoo.ca/ Conference. The Conference will take place in Montréal, Québec, Canada between March 9 and 11th 2011. We are looking for speakers willing to share their expertise with Canadian and United States PHP professionals programmers and managers.

The Conference features technical one hour talks dedicated many aspects of Web development such as mobile apps, security, databases, cloud, web standards, accessibility, project management, agile methods, CMS & Frameworks, startups and of course, PHP.

Organizers will prioritize new and original topics in English or French. For more information, visit the website: http://confoo.ca/


PHP'n Rio 10

[02-Nov-2010]

The PHP Rio User Group is pleased to announce their second edition of the PHP'n Rio conference. It will be held on November 20th, 2010, at the PUC Rio university, Rio de Janeiro. It is a one day conference aimed on providing experienced developers and beginners a chance to learn more about PHP frameworks, web applications built in PHP, and the art of testing code.

No fees or subscription required. Participation is entirely free!

Whether you live here or are around just enjoying the marvelous city, come and join us :) For more information, please visit http://www.phprio.org/phpnrio10 (Portuguese only).


Zend / PHP Conference

[30-Sep-2010]

The 6th Annual Zend/PHP Conference will bring together PHP developers and IT managers from around the world to discuss PHP best practices and explore new technologies.

At ZendCon, you'll learn from a variety of technical sessions in 9 tracks, renowned speakers, in-depth tutorials, an Exhibit Hall featuring industry leaders and unique networking opportunities.

  • Learn PHP best practices for architecture, design and development
  • Discover new advances in the PHP language and how to best harness them
  • Gain insights from peers, PHP luminaries, community members and thought-leaders
  • Discover how to deploy and scale large PHP applications
  • Explore new technologies like NoSQL and Cloud Computing
  • Learn how to effectively leverage Zend Framework and the changes coming in Zend Framework 2.0

Register now so you don't miss out on the most popular tutorials and savings. And join us at the 2010 Zend/PHP Conference - the largest gathering of the PHP community!


PHP Barcelona Conference 2010

[25-Sep-2010]

The PHP Barcelona User Group is pleased to announce the 4th edition of the PHP Barcelona Conference. Come to the shores of the Mediterranean for two fun-packed days of cutting edge PHP, Application Scalability, High Performance, Databases, Integration, Testing, Clouds (not in the sky, we hope) and many many more topics and surprises. The event will take place from the 29th to the 30th of October and will bring together Ilia Alshanetsky, Fabien Potencier, Stefan Priebsch, Lorenzo Alberton, Enrico Zimuel and many more of the shiniest names in the industry for 48 hours of intensive PHP and fiesta!

For more information visit http://phpconference.es and book your spot now before tickets run out and don't lose out on one of the most appealing events on the PHP calendar :)

See you in Barcelona!


International PHP Conference

[25-Sep-2010]

Not just another conference - this year has seen some high-valued conferences (like our IPC Spring Edition in Berlin) and we are already preparing the next big PHP conference. But this year makes a difference. It's the 10th. anniversary of the International PHP Conference. Being in business for ten years, we met some great people, made true fans and encouraged PHP developers all over the world to commit their passion for web-development to a growing community, that is behind some of the most well-known websites today.

Of course, a great event is nothing without great developers and we are very happy to welcome the PHP community to our next International PHP Conference 2010! Again, this conference is packed with workshops, sessions and keynotes on some of the most trending topics in PHP and web development today. Wether you are the developer dealing with core PHP features, the project lead that is in continuous integration or the CTO looking for professional solutions, this conference is the place to be. Not because of our 10 years of experience in bringing together some of the most experienced heads in PHP development - but because of this conference being one of Europe's leading technology events that have been made possible by a really passionate community. And that is ... by you.


PHPNW10

[09-Sep-2010]

PHP North West is a PHP conference with a regional focus, bringing the best of PHP speakers to the north-west of England on Saturday 9th October. A full day of conference speakers over at least two tracks this should again prove to be one of the best events for PHP user-led conferences in Europe. We're also, as last year, having an informal half day of speakers on Sunday 10th October, at the Museum of Science and Industry (MOSI) nearby. With a weekend packed with all things PHP and a ticket price to suit business and hobbyists alike there are no reasons to miss out - see you in Manchester :)


PHP 5.3.3 Released!

[22-Jul-2010]

The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.

Backwards incompatible change:

  • Methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. This change doesn't affect non-namespaced classes.

    <?php
    namespace Foo;
    class Bar {
    public function Bar() {
    // treated as constructor in PHP 5.3.0-5.3.2
    // treated as regular method in PHP 5.3.3
    }
    }
    ?>

    There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.

Security Enhancements and Fixes in PHP 5.3.3:

  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  • Fixed a possible resource destruction issues in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.

Key enhancements in PHP 5.3.3 include:

  • Upgraded bundled sqlite to version 3.6.23.1.
  • Upgraded bundled PCRE to version 8.02.
  • Added FastCGI Process Manager (FPM) SAPI.
  • Added stream filter support to mcrypt extension.
  • Added full_special_chars filter to ext/filter.
  • Fixed a possible crash because of recursive GC invocation.
  • Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  • Fixed bug #52001 (Memory allocation problems after using variable variables).
  • Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
  • Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).

For users upgrading from PHP 5.2 there is a migration guide available on http://php.net/migration53, detailing the changes between those releases and PHP 5.3.

For a full list of changes in PHP 5.3.3, see the ChangeLog.


PHP 5.2.14 Released!

[22-Jul-2010]

The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related.

This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

Security Enhancements and Fixes in PHP 5.2.14:

  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
  • Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
  • Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed a possible stack exaustion inside fnmatch().
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

Key enhancements in PHP 5.2.14 include:

  • Upgraded bundled PCRE to version 8.02.
  • Updated timezone database to version 2010.5.
  • Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  • Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
  • Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
  • Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").

To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.14 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.14.


TestFest 2010

[23-Jun-2010]

PHP is proud to announce TestFest 2010. TestFest is PHP's annual campaign to increase the overall code coverage of PHP through PHPT tests. During TestFest, PHP User Groups and individuals around the world organize local events where new tests are written and new contributors are introduced to PHP's testing suite.

Last year was very successful with 887 tests submitted and a code coverage increase of 2.5%. This year we hope to do better.

TestFest's own SVN repository and reporting tools are back online for this year's event. New to TestFest this year are automated test environment build tools as well as screencasts showing those build tools in action.

Please visit the TestFest 2010 wiki page for all the details on events being organized in your area, or find out how you can organize your own event.


PHP | OSI Days 2010: Participate at the confluence of PHP's finest!

[05-Jun-2010]

PHP | OSI Days 2010 is the premier PHP conference being organised at Asia's largest Open Source Conference - OSI Days 2010. We invite you to come and lead a tutorial / session or participate in Panel Discussions at OSI Days 2010 specifically for the PHP domain. The last date for submitting a proposal for the conference is 15th June 2010. The conference is scheduled for September 19-21, 2010 at Chennai, India.

Submit a proposal now! <http://osidays.com/node/add/proposal>

If you are one of the following:

We invite you to submit a proposal on one of the topics below:

Types of Presentation

Your proposals Should

Speaker Benefits

OSI Days offers its speakers tremendous opportunities for exposure and recognition as an industry leader. Your session will attract many technical & Business professionals interested in learning from your example, expertise and experience. In appreciation of your contributions as a Conference Speaker, we provide you many benefits, read them in full detail. <http://osidays.com/speaker-benefit>

Contact

For registration and more details visit: http://osidays.com or contact Dhiraj Khare at dhiraj@osidays.com or call at +919811206582

Team,
OSI Days 2010


PHP 5.3.2 Released!

[04-Mar-2010]

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

Key Bug Fixes in PHP 5.3.2 include:

  • Added support for SHA-256 and SHA-512 to php's crypt.
  • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
  • Fixed bug #51059 (crypt crashes when invalid salt are given).
  • Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
  • Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
  • Fixed bug #50723 (Bug in garbage collector causes crash).
  • Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
  • Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
  • Fixed bug #50540 (Crash while running ldap_next_reference test cases).
  • Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
  • Over 60 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

Further information and downloads:

For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.


PHP 5.2.13 Released!

[25-Feb-2010]

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.13:

  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
  • Improved LCG entropy. (Rasmus, Samy Kamkar)

Further details about the PHP 5.2.13 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.


Dutch PHP Conference

[19-Feb-2010]

The Dutch PHP Conference is now in its 4th year and yet again promises a varied and inspiring few days of excellent technical content including Sebastian Bergmann, Kevlin Henney, Chris Shiflett, Ilia Alshanetsky and many other fascinating speakers and topics.

The event is held in Amsterdam from 10th to 12th June 2010, for more information see the website at http://phpconference.nl - we hope you can join us in Amsterdam in June!


ConFoo Web Techno Conference

[16-Jan-2010]

PHP Quebec and the ConFoo team is pleased to announce the schedule of the ConFoo Web Techno Conference. With over 130 presentations in 8 rooms, ConFoo brings you the best of Web development.

The event will take place on March 8th to 12th in Montreal, at the prestigious Hilton Bonaventure Hotel.

Over 100 specialists will be present at the conference to share their knowledge during talks and training. Among them will be: Rasmus Lerdorf, Terry Chay, Chris Shiflett and Morgan Tocker

You would not want to miss the following presentations: HTML5: Where Are We Now? (Mark Pilgrim), Andrei's Regex Clinic (Andrei Zmievski), Security-Centered Design (Chris Shiflett) and Welcome to the Wild Wild Web (Carl Mercier)

Register online before January 22nd and save 200$!
Looking forward to see you at the conference.

true, 'sidebar' => $SIDEBAR_DATA]);