PHP

5.5.22

Released on 19 Feb 2015
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.5.22 Changelog
  • Core:
    • Fixed bug #67068 (getClosure returns somethings that's not a closure).
    • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
    • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
    • Added NULL byte protection to exec, system and passthru.
    • Removed support for multi-line headers, as they are deprecated by RFC 7230.
  • Date:
    • Fixed bug #45081 (strtotime incorrectly interprets SGT time zone).
  • Dba:
    • Fixed bug #68711 (useless comparisons).
  • Enchant:
    • Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
  • Fileinfo:
    • Fixed bug #68827 (Double free with disabled ZMM).
  • FPM:
    • Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
    • Fixed bug #68571 (core dump when webserver close the socket).
  • Libxml:
    • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads).
  • PDO_mysql:
    • Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes).
  • Phar:
    • Fixed bug #68901 (use after free). (CVE-2015-2301)
  • Pgsql:
    • Fixed bug #65199 (pg_copy_from() modifies input array variable).
  • Sqlite3:
    • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args).
  • Mysqli:
    • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support).
    • Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors).
  • Session:
    • Fixed bug #68941 (mod_files.sh is a bash-script).
    • Fixed bug #66623 (no EINTR check on flock).
    • Fixed bug #68063 (Empty session IDs do still start sessions).
  • Standard:
    • Fixed bug #65272 (flock() out parameter not set correctly in windows).
    • Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI).
  • Streams:
    • Fixed bug which caused call after final close on streams filter.