A new release in the PHP 4.4 branch is now available PHP 4.4.8, focused on security and stability since there will be no longer new features on the PHP4 branch. The security releases of PHP4 will stop anyway by 2008-08-08. Users of the PHP 4.4 branch are urged to update as soon as possible. Changes in this release include :
- Improved fix for MOPB-02-2007.
- Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
- Fixed integer overlow in str[c]spn().
- Fixed regression in glob when open_basedir is on introduced by #41655 fix.
- Fixed money_format() not to accept multiple %i or %n tokens.
- Addded “max_input_nesting_level” php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
- Fixed INFILE LOCAL option handling with MySQL – now not allowed when open_basedir or safe_mode is active.
- Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
Full list of changes in PHP 4.4.8 is available in the Changelog
