PHP 5.2.5

eunjea의 이미지

11월 8일에 PHP 5.2.5가 릴리즈 되었네요.

http://www.php.net/ChangeLog-5.php

Security Fixes

* Fixed dl() to only accept filenames. reported by Laurent Gaffie.
* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
* Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.
* Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
* Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

소타의 이미지

제가 제출한 패치는 반영 되었는데 changes에는 나오지 않았네요 ㅋ;
어쨌든 빨리 우분투 패키지로 풀렸으면 좋겠네요 버그 때문에 소스 컴파일해서 쓰는거 이젠 너무 귀찮아요 ㅠㅠ