xref: /web-php/releases/5_2_14.php (revision f1cb7e74) 
1<?php
2$_SERVER['BASE_PAGE'] = 'releases/5_2_14.php';
3include_once __DIR__ . '/../include/prepend.inc';
4site_header("PHP 5.2.14 Release Announcement");
5?>
6
7<h1>PHP 5.2.14 Release Announcement</h1>
8<p>
9The PHP development team would like to announce the immediate
10availability of PHP 5.2.14. This release focuses on improving the
11stability of the PHP 5.2.x branch with over 60 bug fixes, some of which
12are security related.</p>
13
14<p>
15This release marks the end of the active support for PHP
165.2. Following this release the PHP 5.2 series will receive no further
17active bug maintenance. Security fixes for PHP 5.2 might be published on a
18case by cases basis. All users of PHP 5.2 are encouraged to upgrade to
19PHP 5.3.</p>
20
21<p>
22<b>Security Enhancements and Fixes in PHP 5.2.14:</b>
23</p>
24<ul>
25
26	<li>Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.</li>
27	<li>Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)</li>
28	<li>Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().</li>
29	<li>Fixed a possible memory corruption in substr_replace().</li>
30	<li>Fixed SplObjectStorage unserialization problems (CVE-2010-2225).</li>
31	<li>Fixed a possible stack exaustion inside fnmatch().</li>
32	<li>Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).</li>
33	<li>Fixed handling of session variable serialization on certain prefix characters.</li>
34	<li>Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.</li>
35</ul>
36
37<p>
38<b>Key enhancements in PHP 5.2.14 include:</b>
39</p>
40<ul>
41
42	<li>Upgraded bundled PCRE to version 8.02.</li>
43	<li>Updated timezone database to version 2010.5.</li>
44	<li>Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).</li>
45	<li>Fixed bug #52237 (Crash when passing the reference of the property of a non-object).</li>
46	<li>Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).</li>
47	<li>Fixed bug #51822 (Segfault with strange __destruct() for static class variables).</li>
48	<li>Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).</li>
49	<li>Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").</li>
50</ul>
51
52<p>To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
53migration guide available on <a
54href="/migration53">http://php.net/migration53</a>, details the changes between
55PHP 5.2 and PHP 5.3.</p>
56
57<p>For a full list of changes in PHP 5.2.14 see the ChangeLog at
58<http://www.php.net/ChangeLog-5.php#5.2.14>.</p>
59
60<?php site_footer(); ?>
61