xref: /web-php/releases/4_4_8.php (revision f1cb7e74)
1<?php
2$_SERVER['BASE_PAGE'] = 'releases/4_4_8.php';
3include_once __DIR__ . '/../include/prepend.inc';
4site_header("PHP 4.4.8 Release Announcement");
5?>
6
7<h1>PHP 4.4.8 Release Announcement</h1>
8<p>
9The PHP development team would like to announce the immediate availability of
10PHP 4.4.8.  It continues to improve the security and the stability of the 4.4
11branch and all users are strongly encouraged to upgrade to it as soon as
12possible. This release wraps up all the outstanding patches for the PHP 4.4
13series, and is therefore the last normal PHP 4.4 release. If necessary,
14releases to address security issues could be made until 2008-08-08.
15</p>
16
17<p>
18<b>Security Enhancements and Fixes in PHP 4.4.8:</b>
19</p>
20<ul>
21	<li>Improved fix for MOPB-02-2007.</li>
22	<li>Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.</li>
23	<li>Fixed integer overlow in str[c]spn().</li>
24	<li>Fixed regression in glob when open_basedir is on introduced by #41655 fix.</li>
25	<li>Fixed money_format() not to accept multiple %i or %n tokens.</li>
26	<li>Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.</li>
27	<li>Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.</li>
28	<li>Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).</li>
29</ul>
30
31<p>
32 For a full list of changes in PHP 4.4.8, see the <a href="/ChangeLog-4.php#4.4.8">ChangeLog</a>.
33</p>
34
35
36<?php site_footer(); ?>
37