|
1 | 1 | PHP NEWS |
2 | 2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |
3 | | -5 Feb 2015, PHP 5.6.6RC1 |
| 3 | +19 Feb 2015, PHP 5.6.6 |
4 | 4 |
|
5 | 5 | - Core: |
| 6 | + . Removed support for multi-line headers, as the are deprecated by RFC 7230. |
| 7 | + (Stas) |
6 | 8 | . Fixed bug #67068 (getClosure returns somethings that's not a closure). |
7 | 9 | (Danack at basereality dot com) |
| 10 | + . Fixed bug #68942 (Use after free vulnerability in unserialize() with |
| 11 | + DateTimeZone). (CVE-2015-0273) (Stas) |
8 | 12 | . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname |
9 | 13 | buffer overflow). (Stas) |
10 | 14 | . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset |
11 | 15 | specified by ini_set) (Yasuo) |
| 16 | + . Added NULL byte protection to exec, system and passthru. (Yasuo) |
12 | 17 |
|
13 | 18 | - Dba: |
14 | 19 | . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) |
15 | 20 |
|
16 | | -- JSON: |
17 | | - . Fixed bug #50224 (json_encode() does not always encode a float as a float) |
18 | | - by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso) |
| 21 | +- Enchant: |
| 22 | + . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). |
| 23 | + (Antony) |
19 | 24 |
|
20 | 25 | - Fileinfo: |
21 | 26 | . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers) |
|
29 | 34 | . Fixed bug #68571 (core dump when webserver close the socket). |
30 | 35 | (redfoxli069 at gmail dot com, Laruence) |
31 | 36 |
|
| 37 | +- JSON: |
| 38 | + . Fixed bug #50224 (json_encode() does not always encode a float as a float) |
| 39 | + by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso) |
| 40 | + |
32 | 41 | - LIBXML: |
33 | 42 | . Fixed bug #64938 (libxml_disable_entity_loader setting is shared |
34 | 43 | between threads). (Martin Jansen) |
35 | 44 |
|
| 45 | +- Mysqli: |
| 46 | + . Fixed bug #68114 (linker error on some OS X machines with fixed |
| 47 | + width decimal support) (Keyur Govande) |
| 48 | + . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient |
| 49 | + has rounding errors) (Keyur Govande) |
| 50 | + |
36 | 51 | - Opcache: |
37 | 52 | . Fixed bug with try blocks being removed when extended_info opcode |
38 | 53 | generation is turned on. (Laruence) |
39 | 54 |
|
40 | 55 | - PDO_mysql: |
41 | 56 | . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of |
42 | | - named pipes). (steffenb198@aol.com) |
| 57 | + named pipes). (steffenb198 at aol dot com) |
43 | 58 |
|
44 | 59 | - Phar: |
45 | 60 | . Fixed bug #68901 (use after free). (bugreports at internot dot info) |
|
59 | 74 | - Standard: |
60 | 75 | . Fixed bug #65272 (flock() out parameter not set correctly in windows). |
61 | 76 | (Daniel Lowrey) |
62 | | - |
63 | | -- Mysqli: |
64 | | - . Fixed bug #68114 (linker error on some OS X machines with fixed |
65 | | - width decimal support) (Keyur Govande) |
66 | | - . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient |
67 | | - has rounding errors) (Keyur Govande) |
| 77 | + . Fixed bug #69033 (Request may get env. variables from previous requests |
| 78 | + if PHP works as FastCGI). (Anatol) |
68 | 79 |
|
69 | 80 | - Streams: |
70 | 81 | . Fixed bug which caused call after final close on streams filter. (Bob) |
|
86 | 97 | . Fixed bug #68583 (Crash in timeout thread). (Anatol) |
87 | 98 | . Fixed bug #65576 (Constructor from trait conflicts with inherited |
88 | 99 | constructor). (dunglas at gmail dot com) |
89 | | - . Fixed bug #68676 (Explicit Double Free). (Kalle) |
| 100 | + . Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425) (Kalle) |
90 | 101 | . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). |
91 | 102 | (CVE-2015-0231) (Stefan Esser) |
92 | 103 |
|
|
297 | 308 | (Matteo, Alain Laporte) |
298 | 309 | . Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo) |
299 | 310 |
|
| 311 | +- OpenSSL: |
| 312 | + . Revert regression introduced by fix of bug #41631 |
| 313 | + |
300 | 314 | - Reflection: |
301 | 315 | . Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) |
302 | 316 |
|
|
563 | 577 | . Fixed bug #67606 (revised fix 67541, broke mod_fastcgi BC). (David Zuelke) |
564 | 578 | . Fixed bug #67530 (error_log=syslog ignored). (Remi) |
565 | 579 | . Fixed bug #67635 (php links to systemd libraries without using pkg-config). |
566 | | - (pacho@gentoo.org, Remi) |
| 580 | + (pacho at gentoo dot org, Remi) |
567 | 581 | . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi) |
568 | 582 | . Fixed bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// |
569 | 583 | incompatibilities). (David Zuelke) |
|
965 | 979 |
|
966 | 980 | - FPM: |
967 | 981 | . Fixed bug #67635 (php links to systemd libraries without using pkg-config). |
968 | | - (pacho@gentoo.org, Remi) |
| 982 | + (pacho at gentoo dot org, Remi) |
969 | 983 |
|
970 | 984 | - GD: |
971 | 985 | . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). |
|
0 commit comments