PHP 5.2.1 Released

[Bulent Tekcan]

The PHP development team would like to announce the immediate availability of PHP 5.2.1 This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about this release can be found in the release announcement 5.2.1, the full list of changes is available in the ChangeLog PHP 5.

Security Enhancements and Fixes in PHP 5.2.1:

Fixed possible safe_mode & open_basedir bypasses inside the session extension.
Prevent search engines from indexing the phpinfo() page.
Fixed a number of input processing bugs inside the filter extension.
Fixed unserialize() abuse on 64 bit systems with certain input strings.
Fixed possible overflows and stack corruptions in the session extension.
Fixed an underflow inside the internal sapi_header_op() function.
Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
Fixed possible stack overflows inside zip, imap & sqlite extensions.
Fixed several possible buffer overflows inside the stream filters.
Fixed non-validated resource destruction inside the shmop extension.
Fixed a possible overflow in the str_replace() function.
Fixed possible clobbering of super-globals in several code paths.
Fixed a possible information disclosure inside the wddx extension.
Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
Fixed a string format vulnerability inside the odbc_result_all() function.
Memory limit is now enabled by default.
Added internal heap protection.
Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.
The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to 5.2.1 release as soon as possible. PHP 4.4.5 with equivalent security corrections will be available shortly.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1.

[viptexting]

And still no cPanel support

[fusioncroc]

I just compile PHP my self now, a lot faster than waiting on other people

[Spiral]

Viptexting, PHP is one of those things that you don't need to wait for Cpanel to add
because manually upgrading PHP is brainlessly easy and actually is much easier to
do it yourself than do it with Cpanel's easyapache or easyphp scripts.

[gundamz]

we don't have to wait for cpanel to release it's own php5 ?

will it break the system if we compile using the source at php.net?

[viptexting]

Viptexting, PHP is one of those things that you don't need to wait for Cpanel to add
because manually upgrading PHP is brainlessly easy and actually is much easier to
do it yourself than do it with Cpanel's easyapache or easyphp scripts.

Oh yer I'm well aware of that, but when I've got several production servers that use PHP it's less time consuming to wait and click upgrade apache, load previous config then tick the correct PHP box and the go button

cPanel usually have the latest PHP versions added to easyapache within a few days anyway, we have to wait on Zend Platform updates which are a bit slow!

[MN-Robert]

Viptexting, PHP is one of those things that you don't need to wait for Cpanel to add
because manually upgrading PHP is brainlessly easy and actually is much easier to
do it yourself than do it with Cpanel's easyapache or easyphp scripts.

While we do our own upgrades, and this is very much the case please note cpanel will not assist you in any way with their control panel or any other software that cpanel installs if your running anything custom ie PHP

[Spiral]

it's less time consuming to wait and click upgrade apache, load previous config then tick the correct PHP box and the go button

Are you insane? That takes at least 10 times the time to upgrade than just simply
compiling yourself which only takes a few seconds and is simple enough that it
can even be totally automated by cronjob (as we do).

While we do our own upgrades, and this is very much the case please note cpanel will not assist you in any way with their control panel or any other software that cpanel installs if your running anything custom ie PHP

Don't make me laugh! 99 times out of 100, I know what's wrong when Cpanel support staff doesn't and I generally
have things resolved in a matter of seconds while they continue to work on the same issue for weeks or even months.

Thanks but no thanks .... not interested in "cpanel support".

[Nhojohl]

How-to: update PHP (5.x.x => 5.2.1)

Download PHP 5.2.1 and put it on your server...

# tar -xfvz php-5.2.1.tar.gz
# cd php-5.2.1

Open a PHP Info page on your server and copy the Configure Command box..

Past it in SSH and hit enter... When it's done, do:

# make
# make install
# service httpd restart


I followed these exact steps to do 5.2.0 => 5.2.1 and it worked well. The only thing I had to do was get rid of xCache to get apache to start.

[Bulent Tekcan]

Still wait cpanel update....

[BamaStangGuy]

As do I..........

[gdns]

As do I..........

so does many of us.

[Fernis]

Is eAccelerator compatible with 5.2.1?

[allanh]

yes , eccelerator is compatible with php 5.2.1