PHP 5.4.45/5.5.29/5.6.13 发布,主要是安全问题修复。 下载:http://www.php.net/downloads.php Windows 下载:http://windows.php.net/download/ PHP 5.4.45 更新列表: Core: Fixed bug #70172 (Use After Free Vulnerability in unserialize()). Fixed bug #70219 (Use after free vulnerability in session deserializer). EXIF: Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). hash: Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). PCRE: Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). SOAP: Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). SPL: Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). XSLT: Fixed bug #69782 (NULL pointer dereference). ZIP: Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). PHP 5.5.29 更新列表: Core: Fixed bug #70172 (Use After Free Vulnerability in unserialize()). Fixed bug #70219 (Use after free vulnerability in session deserializer). EXIF: Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). hash: Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). PCRE: Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). SOAP: Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). SPL: Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). XSLT: Fixed bug #69782 (NULL pointer dereference). ZIP: Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). PHP 5.6.13 更新列表: Core: Fixed bug #69900 (Too long timeout on pipes). Fixed bug #69487 (SAPI may truncate POST data). Fixed bug #70198 (Checking liveness does not work as expected). Fixed bug #70172 (Use After Free Vulnerability in unserialize()). Fixed bug #70219 (Use after free vulnerability in session deserializer). CLI server: Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). Fixed bug #70264 (CLI server directory traversal). Date: Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). EXIF: Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). hash: Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). MCrypt: Fixed bug #69833 (mcrypt fd caching not working). Opcache: Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). PCRE: Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). SOAP: Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). SPL: Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). Standard: Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). XSLT: Fixed bug #69782 (NULL pointer dereference). ZIP: Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). 更多内容请看发行说明。 PHP 5.4.45/5.5.29/5.6.13 发布下载地址
