A very busy week at php.net, and a very busy gift season too! PHP 5.2.8 has been officially released, fixing a major security bug in 5.2.7, a bug-fix version that was released two days before. So in addition to the ini bug fix, you will get around 120 bug fixes from 5.2.7.

The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, which was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release; alternatively, you can apply a work-around for the bug by changing “filter.default_flags=0” in php.ini.

Note that 5.2.7 is no longer available. Security enhancements and fixes in PHP 5.2.7 include:

  • Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
  • Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
  • Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
  • Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
  • Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
  • Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
  • Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)). (Fixes CVE-2008-3660)
  • Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
  • Fixed extraction of zip files and directories with crafted entries, reported by Stefan Esser.

Download current PHP 5 Stable 5.2.8