PHP 5.2.0 Released!

[DReade83]

It's been released? Apparently so! But it's not listed anywhere on the PHP site, nor in WHM's Apache Update area. Read the subscription email from the PHP team below...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The PHP development team is proud to announce the immediate release of PHP 5.2.0. This release is a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements.

The key features of PHP 5.2.0 include:

* New memory manager for the Zend Engine with improved performance and a more accurate memory usage tracking.
* Input filtering extension was added and enabled by default.
* JSON extension was added and enabled by default.
* ZIP extension for creating and editing zip files was introduced.
* Hooks for tracking file upload progress were introduced.
* Introduced E_RECOVERABLE_ERROR error mode.
* Introduced DateTime and DateTimeZone objects with methods to manipulate date/time information.
* Upgraded bundled SQLite, PCRE libraries.
* Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows installations.
* Many performance improvements.
* Over 200 bug fixes.

Security Enhancements and Fixes in PHP 5.2.0:

* Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep track of character set encoding whenever possible.
* Added allow_url_include, set to Off by default to disallow use of URLs for include and require.
* Disable realpath cache when open_basedir and safe_mode are being used.
* Improved safe_mode enforcement for error_log() function.
* Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions.
* Added missing safe_mode and open_basedir checks for the cURL extension.
* Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines.
* Fixed handling of long paths inside the tempnam() function.
* Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters.
* Fixed ini setting overload in the ini_restore() function.
All users of PHP, especially those using earlier PHP 5 releases are advised to upgrade to this release as soon as possible. This release also obsoletes the 5.1 branch of PHP.

For users upgrading from PHP 5.0 and PHP 5.1 there is an upgrading guide available at http://www.php.net/UPDATE_5_2.txt, detailing the changes between those releases and PHP 5.2.0.

For a full list of changes in PHP 5.2.0, see the ChangeLog (http:// www.php.net/ChangeLog-5.php#5.2.0).


Ilia Alshanetsky
5.2 Release Manager


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFSjUoLKekh381/CERAkbWAJ9sYFdxCO3XSBi6TsCx1mec+lgJPACcCPtz
aYsI1OpWDYZOBvXu9iHNVWk=
=DQx2
-----END PGP SIGNATURE-----

--
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

All the links provided above either '404' or simply don't list PHP 5.2.0!

cPanel Staff: How do I add PHP 5.2.0 to my list of available PHP versions when updating Apache?

 

[kernow]

According to the post at php.net, it was released today ( 2-nov-2006 ) so don't expect cpanel to make it available any time soon.

 

[Bulent Tekcan]

Woooahhh tons of added function and bugfix

Thanks for this info

 

[NT]

Let's hope they add it fairly soon

 

[ealex]

yeah especially since:

http://secunia.com/advisories/22653/

and those two functions are relatively popular in blogging and forum software

 

[Olate]

http://bugzilla.cpanel.net/show_bug.cgi?id=4770

 

[netlook]

What about PHP4 users???? When this bug will be solved???

 

[Olate]

What do you mean "what about PHP 4 users"? This does not mean PHP 4 will disappear, although you should upgrade to PHP 5 since it has been out for several years now.

 

[kuwaitnt]

it is bad news if they stop php 4

there are alot of our hosting client use php4 scripts

 

[Olate]

I don't see them stopping PHP 4. This is just adding 5.2 to the options. Most scripts will actually work fine with PHP 5 anyway. At least they should do if they're written properly. Any decent 3rd party apps will also support PHP 5 now too. We upgraded our servers to PHP 5.1 ages ago and have had no complaints from customers.

 

[viptexting]

How long is it going to take cPanel to add this?!!!

It's been out 4 days already!!!

 

[d_t]

The problem is: why PHP didn't come with a new version for PHP 4.x, to solve the latest security problem? However, PHP4 is still listed in http://snaps.php.net/

There are some incompatibilities between PHP 4 and 5 (especially for classes) so an upgrade to php5 on a server that contains several hundred websites is not an easy task.

PHP 5.2.0 can be compiled and installed over PHP 5.1.6, even on a server with cPanel (from ssh console). Is better to have a copy of the previous php version /usr/local/apache/libexec/libphp5.so just in case apache is not starting.

 

[color]

latest Zend Optimizer is not compatible with PHP 5.2 yet

 

[viptexting]

The problem is: why PHP didn't come with a new version for PHP 4.x, to solve the latest security problem? However, PHP4 is still listed in http://snaps.php.net/

There are some incompatibilities between PHP 4 and 5 (especially for classes) so an upgrade to php5 on a server that contains several hundred websites is not an easy task.

PHP 5.2.0 can be compiled and installed over PHP 5.1.6, even on a server with cPanel (from ssh console). Is better to have a copy of the previous php version /usr/local/apache/libexec/libphp5.so just in case apache is not starting.

If your PHP 4 classes are well written you will have no problems with upgrading to PHP 5

 

[Bulent Tekcan]

PHP 5.2.0 available in WHM Apache Update...

Thanks for this update

 

[takeover]

How long is it going to take cPanel to add this?!!!

It's been out 4 days already!!!

i can't imagine how anoying this stuff is for the cpanel staff

4 days is nothing, it's out now, but to give that amount of exclimation points after something has been out for 4 days is rediculous. if you want to be an early adopter cpanel probably isn't for you, if you want stability, maybe it is.

 

[dreamwiz]

If you are still running PHP4... you really shouldn't. We upgraded to PHP 5 already in summer 2005 without any issues and this was done in multiple servers. Just let your users know about the update good time in advance. If the code is done properly you really shouldn't have any issues and almost all software works with PHP5 now. If it doesnt, it's just badly outdated or bad programming.

Let's face it, PHP6 is on it's way and support for PHP4 will come to an end sooner or later.


P.S. You dont have to wait for cPanel to get PHP 5.2.0 - you can install it manually and have it running right away.

 

[casey]

latest Zend Optimizer is not compatible with PHP 5.2 yet

That bears repeating.

 

[d_t]

Looks like it won't be a compatible Zend Optimizer soon ..
http://www.zend.com/forums/index.php?t=msg&th=2272

Also, php should first release a version for 5.1.x that only fix the security bugs before going to 5.2.x

I think the only way is to use the patched version from http://www.hardened-php.net/downloads.13.html until new Zend Optimizer is ready.