Version 5.5.12
- Core:
- Fixed
bug #61019 (Out of memory on command stream_get_contents).
- Fixed
bug #64330 (stream_socket_server()
creates wrong Abstract Namespace
UNIX sockets).
- Fixed
bug #66182 (exit in stream filter produces segfault).
- Fixed
bug #66736 (fpassthru
broken).
- Fixed
bug #67024 (getimagesize
should recognize BMP
files with negative heighty).
- Fixed
bug #67043 (substr_compare
broke by previous change).
- cURL:
- Fixed
bug #66562 (curl_exec
returns differently than
curl_multi_getcontent).
- Date:
- Fixed
bug #66721 (__wakeup
of DateTime segfaults
when invalid object
data is supplied).
- Embed:
- Fixed
bug #65715 (php5embed.lib isn't provided anymore).
- Fileinfo:
- Fixed
bug #66987 (Memory corruption in fileinfo ext / bigendian).
- FPM:
- Fixed
bug #66482 (unknown
entry 'priority' in php-fpm.conf).
- Fixed
bug #67060 (possible
privilege escalation due
to insecure default configuration). (CVE-2014-0185)).
·
Json:
- Fixed
bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set).
·
LDAP:
- Fixed
issue with null bytes
in LDAP bindings.
·
mysqli:
- Fixed
problem in mysqli_commit()/mysqli_rollback() with
second parameter (extra comma) and third parameters (lack of escaping).
·
Openssl:
- Fixed
bug #66942 (memory leak in openssl_seal()).
- Fixed
bug #66952 (memory leak in openssl_open()).
·
SimpleXML:
- Fixed
bug #66084 (simplexml_load_string()
mangles empty node name).
·
SQLite:
- Fixed
bug #66967 (Updated
bundled libsqlite to 3.8.4.3)
·
XSL:
- Fixed
bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://")
·
Apache2 Handler SAPI:
- Fixed
Apache log issue caused by
APR's lack of support for %zu (APR issue
https://issues.apache.org/bugzilla/show_bug.cgi?id=56120)
Version 5.5.11
- Core:
- Fixed
bug #60602 (proc_open()
changes environment array).
- Allow
zero length comparison
in substr_compare().
- cURL:
- Fixed
bug #66109 (Can't
reset CURLOPT_CUSTOMREQUEST to default behaviour).
- Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
- Fileinfo:
- Fixed
bug #66946 (fileinfo:
extensive backtracking in awk
rule regular expression (CVE-2013-7345)).
- FPM:
- Added
clear_env configuration
directive to disable clearenv() call.
- GD:
- Fixed
bug #66714 (imageconvolution
breakage).
- Fixed
bug #66869 (Invalid
2nd argument crashes imageaffinematrixget).
- Fixed
bug #66887 (imagescale
- poor quality of scaled image).
- Fixed
bug #66890 (imagescale
segfault).
- Fixed
bug #66893 (imagescale
ignore method
argument).
- GMP:
- Fixed
bug #66872 (invalid
argument crashes gmp_testbit).
·
Hash:
- hash_pbkdf2() now works correctly if the $length argument is not specified.
·
Intl:
- Fixed
bug #66873 A reproductible
crash in UConverter when
given invalid encoding.
·
Mail:
- Fixed
bug #66535 (Don't
add newline after X-PHP-Originating-Script).
·
MySQLi:
- Fixed
bug #66762 (Segfault
in mysqli_stmt::bind_result()
when link closed).
·
OPCache:
- Added
function opcache_is_script_cached().
- Added
information about interned
strings usage.
·
Openssl:
- Fixed
bug #66833 (Default disgest algo is still MD5, switch to SHA1).
·
SQLite:
- Updated
bundled libsqlite to 3.8.3.1.
·
SPL:
- Added
feature #65545 (SplFileObject::fread()).
Version
5.5.10
06 Mar 2014
- Core:
- Fixed
bug #66574 (Allow
multiple paths in php_ini_scanned_path).
- Date:
- Fixed
bug #45528 (Allow
the DateTimeZone constructor
to accept timezones per offset too).
- Fileinfo:
- Fixed
bug #66731 (file: infinite recursion
(CVE-2014-1943)).
- Fixed
bug #66820 (out-of-bounds memory access in fileinfo
(CVE-2014-2270)).
- GD:
- Fixed
bug #66815 (imagecrop():
insufficient fix for
NULL defer (CVE-2013-7327)).
- JSON:
- Fixed
bug #65753 (JsonSerializeable
couldn't implement on
module extension).
- LDAP:
- Implemented
ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
- Openssl:
- Fixed
bug #66501 (Add
EC key support to php_openssl_is_private_key).
- PCRE:
- Pgsql:
- Added
warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().