PHP 5.5.7/5.4.23/5.3.28 緊急發布

來源:互聯網
上載者:User
PHP 5.5.7/5.4.23/5.3.28緊急發布.2013-12-13.上個版本是2013-11-14的5.5.6/5.4.22。全部修正了一個 OpenSSL的安全性漏洞(CVE-2013-6420)5.3本來已停止常規開發也更新了。 總共修正了10幾個Bug(包括Opcache的幾個Bug)及安全性漏洞。

完全改進:
Version 5.5.7
12-Dec-2013
Core:
Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string).
Fixed bug #65969 (Chain assignment with T_LIST failure).
CLI server:
Added some MIME types to the CLI web server.
Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers()
OPCache:
Fixed bug #66176 (Invalid constant substitution).
Fixed bug #65915 (Inconsistent results with require return value).
Fixed bug #65559 (Opcache: cache not cleared if changes occur while running).
readline:
Fixed bug #65714 (PHP cli forces the tty to cooked mode).
Openssl:
Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
Version 5.4.23
12-Dec-2013
Core:
Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string).
Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
JSON:
Fixed whitespace part of #64874 ("json_decode handles whitespace and case-sensitivity incorrectly").
MySQLi:
Fixed bug #66043 (Segfault calling bind_param() on mysqli).
mysqlnd:
Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i').
Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query).
OpenSSL:
Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
PDO:
Fixed bug #65946 (sql_parser permanently converts values bound to strings).
Version 5.3.28
12-Dec-2013
Openssl:
Fixed handling null bytes in subjectAltName (CVE-2013-4073).
Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
下載:
http://cn2.php.net/distributions/php-5.5.7.tar.bz2
http://cn2.php.net/distributions/php-5.4.23.tar.bz2
http://cn2.php.net/distributions/php-5.3.28.tar.bz2


回複討論(解決方案)

更新的也太快了點吧

不是吧!前幾天剛把php5.5.6安裝上去...看來這次漏洞還不小,緊急發布

愁苦,那?多服?器咋更新啊....

聖誕節前最後一版。

生產環境還是5.2.17 不準備升級 穩定才是王道

緊急更新。。。

5.3比5.2快10倍
5.4比5.3快10倍
生產環境還是5.2.17 不準備升級 穩定才是王道

5.3比5.2快10倍
5.4比5.3快10倍

生產環境還是5.2.17 不準備升級 穩定才是王道
對於一般網站來說,這10倍基本上是感覺不出來的,並且還要承擔不穩定的風險,還不如最佳化一下緩衝收益高。

Fixed whitespace part of #64874 ("json_decode handles whitespace and case-sensitivity incorrectly").
===========
這。。。難道是我上次遇到的那個問題。

  • 聯繫我們

    該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

    如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.