Scripting Language Security Fixes

Monday, April 30, 2012 @ 02:04 PM gHale


PHP developers released the first update for PHP 5.4, the latest version of their popular scripting language, and an update to PHP 5.3, the older stable branch of the language.

Developers said all users of PHP are strongly encouraged to upgrade to the new releases.

RELATED STORIES
Ruby Fixes RubyGems Security
OpenSSL Closes Security Holes
Python Updates Hash Collision
OpenSSL Not Completely Secure

PHP 5.4.1 has more than 20 bug fixes, including some related to security. One security bug concerned insufficient validating of an upload name, which then led to corrupted $_FILES indices. Another notable change was open_basedir checks adding into readline_write_history and readline_read_history.

The PHP 5.3.11 update fixes nearly 60 bugs including correcting a regression in a previously applied security fix for the magic_quotes_gpc directive. A new debug info handler also went into to DOM objects, and the developers have added support for version 2.4 of the Apache web server.

A full list of improvements and bug fixes for both versions are in the PHP 5 change log.

PHP 5.4.1 and 5.3.11 are available to download as source or as Windows binaries from the project’s site. PHP distributes under the terms of the PHP License v3.01.



Leave a Reply

You must be logged in to post a comment.