Software

Do not upgrade PHP to version 5.3.0!

If you are planing PHP upgrade on your server have in mind that the 5.3.0 version has a bug which was fixed in 5.3.1. If your websites requires register_globals set to On you will have troubles. If there is no php 5.3.1 package available in your distribution repositority try to find it elsewhere or wait a while until it’s compiled for your distro.

What the guys from PHP.net posted about the new version 5.3.1:

The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.3.1:

  • Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
  • Added missing sanity checks around exif processing.
  • Fixed a safe_mode bypass in tempnam().
  • Fixed a open_basedir bypass in posix_mkfifo().
  • Fixed failing safe_mode_include_dir.

Leave a Reply