PHP 5.1.3 Released [01-May-2006] The PHP development team is proud to announce the release of PHP 5.1.3 [php.net]. This release combines small number of feature enhancements with a significant amount of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible. Some of the key changes of PHP 5.1.3 include:
- Disallow certain characters in session names.
- Fixed a buffer overflow inside the wordwrap() function.
- Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
- Enforce safe_mode for the source parameter of the copy() function.
- Fixed cross-site scripting inside the phpinfo() function.
- Fixed offset/length parameter validation inside the substr_compare() function.
- Fixed a heap corruption inside the session extension.
- Fixed a bug that would allow variable to survive unset().
- Fixed a number of crashes in the DOM, SOAP and PDO extensions.
- Upgraded bunbled PCRE library to version 6.6
- The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
- FastCGI interface was completely reimplemented.
- Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
- Over 120 various bug fixes.
Further details about this release can be found in the
release announcement [php.net] and the full list of changes is available in the
PHP 5 ChangeLog [php.net].
