1
h
http://www.php.net/archive/2010.php#id2010-12-10-1Security Enhancements and Fixes in PHP 5.3.4:Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
Added stat support for zip stream.
Added follow_location (enabled by default) option for the http stream support.
Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
Multiple improvements to the FPM SAPI.
Over 100 other bug fixes.
I've installed
5.3.4 Windows binary (VC9 x86 Thread Safe) on my
WampServer version using
these instructions, and everything seems to work fine so far with XOOPS 2.5.0.
