Version 5.5.12

01 May 2014

Core:

Fixed bug #61019 (Out of memory on command stream_get_contents).
Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
Fixed bug #66182 (exit in stream filter produces segfault).
Fixed bug #66736 (fpassthru broken).
Fixed bug #67024 (getimagesize should recognize BMP files with negative heighty).
Fixed bug #67043 (substr_compare broke by previous change).

cURL:

Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).

Date:

Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied).

Embed:

Fixed bug #65715 (php5embed.lib isn't provided anymore).

Fileinfo:

Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).

FPM:

Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185)).

· Json:

Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).

· LDAP:

Fixed issue with null bytes in LDAP bindings.

· mysqli:

Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping).

· Openssl:

Fixed bug #66942 (memory leak in openssl_seal()).
Fixed bug #66952 (memory leak in openssl_open()).

· SimpleXML:

Fixed bug #66084 (simplexml_load_string() mangles empty node name).

· SQLite:

Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3)

· XSL:

Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://")

· Apache2 Handler SAPI:

Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120)

Version 5.5.11

03 Apr 2014

Core:

Fixed bug #60602 (proc_open() changes environment array).
Allow zero length comparison in substr_compare().

cURL:

Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour).
Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.

Fileinfo:

Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345)).

FPM:

Added clear_env configuration directive to disable clearenv() call.

Fixed bug #66714 (imageconvolution breakage).
Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget).
Fixed bug #66887 (imagescale - poor quality of scaled image).
Fixed bug #66890 (imagescale segfault).
Fixed bug #66893 (imagescale ignore method argument).

GMP:

Fixed bug #66872 (invalid argument crashes gmp_testbit).

· Hash:

hash_pbkdf2() now works correctly if the $length argument is not specified.

· Intl:

Fixed bug #66873 A reproductible crash in UConverter when given invalid encoding.

· Mail:

Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script).

· MySQLi:

Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed).

· OPCache:

Added function opcache_is_script_cached().
Added information about interned strings usage.

· Openssl:

Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).

· SQLite:

Updated bundled libsqlite to 3.8.3.1.

· SPL:

Added feature #65545 (SplFileObject::fread()).

Version 5.5.10

06 Mar 2014

Core:

Fixed bug #66574 (Allow multiple paths in php_ini_scanned_path).

Date:

Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones per offset too).

Fileinfo:

Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)).

Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer (CVE-2013-7327)).

JSON:

Fixed bug #65753 (JsonSerializeable couldn't implement on module extension).

LDAP:

Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).

Openssl:

Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).

PCRE:

Upgraded to PCRE 8.34.

Pgsql:

Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().