PHP

5.4.20

Released on 19 Sep 2013
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.4.20 Changelog
  • Core:
    • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
    • Fixed bug #65579 (Using traits with get_class_methods causes segfault).
    • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
    • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
    • Fixed bug #65481 (shutdown segfault due to serialize).
    • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
    • Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference fails).
    • Fixed bug #65304 (Use of max int in array_sum).
    • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case).
    • Fixed bug #65225 (PHP_BINARY incorrectly set).
    • Improved fix for bug #63186 (compile failure on netbsd).
    • Fixed bug #62692 (PHP fails to build with DTrace).
    • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
    • Fixed bug #61345 (CGI mode - make install don't work).
    • Cherry-picked some DTrace build commits (allowing builds on Linux, bug #62691 and bug #63706) from PHP 5.5 branch.
    • Fixed bug #61268 (--enable-dtrace leads make to clobber Zend/zend_dtrace.d)
  • cURL:
    • Fixed bug #65458 (curl memory leak).
  • Datetime:
    • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters)
    • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer)
  • Openssl:
    • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
  • Session:
    • Fixed bug #62129 (rfc1867 crashes php even though turned off).
    • Fixed bug #50308 (session id not appended properly for empty anchor tags).
    • Fixed possible buffer overflow under Windows. Note: Not a security fix.
    • Changed session.auto_start to PHP_INI_PERDIR.
  • SOAP:
    • Fixed bug #65018 (SoapHeader problems with SoapServer).
  • SPL:
    • Fixed bug #65328 (Segfault when getting SplStack object Value).
  • PDO:
    • Fixed bug #64953 (Postgres prepared statement positional parameter casting).
  • Phar:
    • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents).
  • Pgsql:
    • Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
    • Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
  • Zlib:
    • Fixed bug #65391 (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called).