PHP 5.1.2. Release Announcement
The PHP development team is proud to announce the release of PHP 5.1.2. This release combines small feature enhancements with a fair number of bug fixes and addresses three security issues. All PHP 5 users are encouraged to upgrade to this release.
The security issues resolved include the following:
- HTTP Response Splitting has been addressed in ext/session and in the header() function. Header() can no longer be used to send multiple response headers in a single call.
- Format string vulnerability in ext/mysqli.
- Possible cross-site scripting problems in certain error conditions.
The feature enhancements include the following notables:
- Hash extension was added to core and is now enabled by default. This extension provides support for most common hashing algorithms without reliance on 3rd party libraries.
- XMLWriter was added and enabled by default.
- New OCI8 extension that includes numerous fixes.
- PNG compression support added to the GD extension.
- Added --enable-gcov configure option to enable C-level code coverage.
- getNamespaces() and getDocNamespaces() methods added to SimpleXML extension.
The release also includes over 85 bug fixes with a focus on:
- Correction of the many regressions in the strtotime() function.
- Fixes of several crashes, leaks and memory corruptions found in the imap, pdo, gd, mysqli, mcrypt and soap extensions.
- Corrected problems with the usage of SSI and virtual() in the Apache2 SAPI.
- Build fixes for iconv and sybase_ct extensions.
- Fixed the previously broken Sun(rise|set) functions.
- SQLite libraries upgraded to 2.8.17 and 3.2.8
- Win32 binaries now include libxml2-2.6.22 and libxslt-1.1.15.
For a full list of changes in PHP 5.1.2, see the ChangeLog.