PHP 发布了三个更新版本,分别是 5.4.44 、5.5.28 和 5.6.12,这三个版本主要是安全方面的更新,详细内容请看 ChangeLog。
Version 5.6.12
06 Aug 2015
Core:
Fixed bug #70012 (Exception lost with nested finally block).
Fixed bug #70002 (TS issues with temporary dir handling).
Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
CLI server:
Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL).
Fixed bug #64878 (304 responses return Content-Type header).
GD:
Fixed bug #53156 (imagerectangle problem with point ordering).
Fixed bug #66387 (Stack overflow with imagefilltoborder).
Fixed bug #70102 (imagecreatefromwebm() shifts colors).
Fixed bug #66590 (imagewebp() doesn't pad to even length).
Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px).
Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory).
Fixed bug #69024 (imagescale segfault with palette based image).
Fixed bug #53154 (Zero-height rectangle has whiskers).
Fixed bug #67447 (imagecrop() add a black line when cropping).
Fixed bug #68714 (copy 'n paste error).
Fixed bug #66339 (PHP segfaults in imagexbm).
Fixed bug #70047 (gd_info() doesn't report WebP support).
ODBC:
Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns).
OpenSSL:
Fixed bug #69882 (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert).
Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).
Phar:
Improved fix for bug #69441.
Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).
SOAP:
Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
SPL:
Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).
Standard:
Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes).
Version 5.5.28
06-Aug-2015
Core:
Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
Fixed bug #70002 (TS issues with temporary dir handling).
Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
OpenSSL:
Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).
Phar:
Improved fix for bug #69441.
Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).
SOAP:
Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
SPL:
Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).
Version 5.4.44
06-Aug-2015
Core:
Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
OpenSSL:
Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).
Phar:
Improved fix for bug #69441.
Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).
SOAP:
Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
SPL:
Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).
PHP 的详细介绍:请点这里
PHP 的下载地址:请点这里