The PHP development team announces the immediate availability of PHP 5.4.13 and PHP 5.3.23. These releases fix about 15 bugs, including fixes for CVE-2013-1643 and CVE-2013-1635. All users of PHP are encouraged to upgrade to PHP 5.4.13.
For source downloads of PHP 5.4.13 and PHP 5.3.23 please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
Version 5.4.13
14-March-2013
Core:
Fixed bug #64235 (Insteadof not work for class method in 5.4.11).
Implemented FR #64175 (Added HTTP codes as of RFC 6585).
Fixed bug #64142 (dval to lval different behavior on ppc64).
Fixed bug #64070 (Inheritance with Traits failed with error).
CLI server:
Fixed bug #64128 (buit-in web server is broken on ppc64).
Mbstring:
mb_split() can now handle empty matches like preg_split() does.
OpenSSL:
Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()).
PDO_mysql:
Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
Phar:
Fixed timestamp update on Phar contents modification.
SOAP
Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635).
Disabled external entities loading (CVE-2013-1643).
SPL:
Fixed bug #64264 (SPLFixedArray toArray problem).
Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
SNMP:
Fixed bug #64124 (IPv6 malformed).
Version 5.3.23
14-March-2013
Phar:
Fixed timestamp update on Phar contents modification.
SOAP
Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635).
Disabled external entities loading (CVE-2013-1643).
SPL:
Fixed bug #64264 (SPLFixedArray toArray problem).
Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
=========插曲===========
近期可能需要到镇江做一个项目,如果有附近或者镇江的phper可以给我发消息,前端设计(js(原生)+html+css)感觉良好的也可以给我来个消息.
最近没关注官网。
额。居然是在php 5.0alpha版本发布之后
肯定又要升级了。每次都是安全问题被迫升级。