Forgot your password?
typodupeerror
PHP Open Source Programming Software Upgrades

PHP 5.6.0 Released 118

Posted by timothy
from the still-hard-to-pronounce dept.
An anonymous reader writes The PHP team has announced the release of PHP 5.6.0. New features include constant scalar expressions, exponentiation using the ** operator, function and constant importing with the use keyword, support for file uploads larger than 2 GB, and phpdbg as an interactive integrated debugger SAPI. The team also notes important changes affecting compatibility. For example: "Array keys won't be overwritten when defining an array as a property of a class via an array literal," json_decode() is now more strict at parsing JSON syntax, and GMP resources are now objects. Here is the migration guide, the full change log, and the downloads page.
This discussion has been archived. No new comments can be posted.

PHP 5.6.0 Released

Comments Filter:
  • by wisnoskij (1206448) on Thursday August 28, 2014 @02:27PM (#47777801) Homepage
    I know. They have been adding standard default programming language features for years now. The last time I worked with it a year or two ago I was struck by how you could not even `getArray()[3];`, you needed to `$tmp = getArray(); $tmp = $tmp[3];`. It is a potentially decent generic language with some really retarded areas, that does not seem to be out of the beta phase of its development yet.
  • by mr_mischief (456295) on Thursday August 28, 2014 @04:21PM (#47779017) Journal

    Here are the lines matching for grep -P 'CVE-\d{4}-\d+':

    Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981)
    Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
    Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
    Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
    Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
    Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
    Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
    Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
    Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
    Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
    Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
    Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943)
    Fixed bug #66820 (out-of-bounds memory access in fileinfo). (CVE-2014-2270)
    Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
    Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration). (CVE-2014-0185)
    Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
    Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
    Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (CVE-2013-7226)
    Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer). (CVE-2013-7327)
    Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
    Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)
    Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
    Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
    Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515)

    That's not the applications written in PHP, mind you. That's the language system.

Support bacteria -- it's the only culture some people have!

Working...