0
MySQL Community Server 5.1 (5.1.50 GA, published on Wednesday, 18 Aug 2010)
Our approach with WordPress has always been to make it run on common server configurations. We want users to have flexibility when choosing a host for their precious content. Because of this strategy, WordPress runs pretty much anywhere. Web hosting platforms, however, change over time, and we occasionally are able to reevaluate some of the requirements for running WordPress. Now is one of those times. You probably guessed it from the title — we’re finally ready to announce the end of support for PHP 4 and MySQL 4!
First up, the announcement that developers really care about. WordPress 3.1, due in late 2010, will be the last version of WordPress to support PHP 4.
For WordPress 3.2, due in the first half of 2011, we will be raising the minimum required PHP version to 5.2. Why 5.2? Because that’s what the vast majority of WordPress users are using, and it offers substantial improvements over earlier PHP 5 releases. It is also the minimum PHP version that the Drupal and Joomla projects will be supporting in their next versions, both due out this year.
The numbers are now, finally, strongly in favor of this move. Only around 11 percent of WordPress installs are running on a PHP version below 5.2. Many of them are on hosts who support PHP 5.2 — users merely need to change a setting in their hosting control panel to activate it. We believe that percentage will only go down over the rest of the year as hosting providers realize that to support the newest versions of WordPress (or Drupal, or Joomla), they’re going to have to pull the trigger.
In less exciting news, we are also going to be dropping support for MySQL 4 after WordPress 3.1. Fewer than 6 percent of WordPress users are running MySQL 4. The new required MySQL version for WordPress 3.2 will be 5.0.15.
WordPress users will not be able to upgrade to WordPress 3.2 if their hosting environment does not meet these requirements (the built-in updater will prevent it). In order to determine which versions your host provides, we’ve created the Health Check plugin. You can download it manually, or use this handy plugin installation tool I whipped up. Right now, Health Check will only tell you if you’re ready for WordPress 3.2. In a future release it will provide all sorts of useful information about your server and your WordPress install, so hang on to it!
In summary: WordPress 3.1, due in late 2010, will be the last version of WordPress to support PHP 4 and MySQL 4. WordPress 3.2, due in the first half of 2011, will require PHP 5.2 or higher, and MySQL 5.0.15 or higher. Install the Health Check plugin to see if you’re ready!
The PHP development team would like to announce the immediate
availability of PHP 5.3.3. This release focuses on improving the
stability and security of the PHP 5.3.x branch with over 100 bug
fixes, some of which are security related. All users are encouraged
to upgrade to this release.
Backwards incompatible change:
- Methods with the same name as the last element of a namespaced class name
will no longer be treated as constructor. This change doesn't affect
non-namespaced classes.
<?php namespace Foo; class Bar { public function Bar() { // treated as constructor in PHP 5.3.0-5.3.2 // treated as regular method in PHP 5.3.3 } } ?>There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.
- Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
- Fixed a possible resource destruction issues in shm_put_var().
- Fixed a possible information leak because of interruption of XOR operator.
- Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
- Fixed a possible memory corruption in ArrayObject::uasort().
- Fixed a possible memory corruption in parse_str().
- Fixed a possible memory corruption in pack().
- Fixed a possible memory corruption in substr_replace().
- Fixed a possible memory corruption in addcslashes().
- Fixed a possible stack exhaustion inside fnmatch().
- Fixed a possible dechunking filter buffer overflow.
- Fixed a possible arbitrary memory access inside sqlite extension.
- Fixed string format validation inside phar extension.
- Fixed handling of session variable serialization on certain prefix characters.
- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
- Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
- Fixed possible buffer overflows when handling error packets in mysqlnd.
- Upgraded bundled sqlite to version 3.6.23.1.
- Upgraded bundled PCRE to version 8.02.
- Added FastCGI Process Manager (FPM) SAPI.
- Added stream filter support to mcrypt extension.
- Added full_special_chars filter to ext/filter.
- Fixed a possible crash because of recursive GC invocation.
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
- Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
- Fixed bug #52001 (Memory allocation problems after using variable variables).
- Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
- Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).
The PHP development team would like to announce the immediate
availability of PHP 5.2.14. This release focuses on improving the
stability of the PHP 5.2.x branch with over 60 bug fixes, some of which
are security related.
This release marks the end of the active support for PHP
5.2. Following this release the PHP 5.2 series will receive no further
active bug maintenance. Security fixes for PHP 5.2 might be published on a
case by cases basis. All users of PHP 5.2 are encouraged to upgrade to
PHP 5.3.
Security Enhancements and Fixes in PHP 5.2.14:
- Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
- Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
- Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
- Fixed a possible memory corruption in substr_replace().
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
- Fixed a possible stack exaustion inside fnmatch().
- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
- Fixed handling of session variable serialization on certain prefix characters.
- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
- Upgraded bundled PCRE to version 8.02.
- Updated timezone database to version 2010.5.
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
- Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
- Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
- Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").
Based on community requests, we are excited to announce the release of Magento CE 1.3.3.0-Stable with support for 3-D Secure. This release is intended for Magento merchants using version 1.3.x, who want to add support for 3-D Secure. The release is available through Magento Connect Manager, or through our download section under “Release Archives”.
To see a full list of features and fixed issues, please visit our release notes page. Diff files are available here.
Please report all issues with this release in the bug tracker.
Important Note 1: If the Magento Compilation Module is enabled it must be disabled before attempting to upgrade. After upgrading is done, click on “Run Compilation Process” to process and enable it again.
Please Note: We do NOT recommend upgrading a production installation of Magento directly. Please backup database and all files before upgrading. Please make sure to check file permissions before trying to upgrade through your Magento Connect Manager.
 | FROM THE MAGENTO TWITTER FEED Magento CAB Meeting - May 17th 2010 - http://bit.ly/9nOKEx #magento |   |  | NOW AVAILABLE |
Hi everyone,
We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7, unfortunately the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.
Lees verder »
Lees verder »
The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.2:
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
Key Bug Fixes in PHP 5.3.2 include:
- Added support for SHA-256 and SHA-512 to php's crypt.
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
- Fixed bug #51059 (crypt crashes when invalid salt are given).
- Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
- Fixed bug #50723 (Bug in garbage collector causes crash).
- Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
- Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
- Fixed bug #50540 (Crash while running ldap_next_reference test cases).
- Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
- Over 60 other bug fixes.
For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.
Further information and downloads:
For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
Hello everyone,
We are pleased to announce the release of phpBB "Run bugs, run! Bertie is coming!" 3.0.7. This new version is a maintenance release fixing a number of a bugs as well as improving on usability and performance. We have entirely overhauled the Feed feature, fixing a lot of bugs and odd behaviours. Some problems with the automated updater have been solved, so if you are still on 3.0.5 this update should work a lot better for you.
Lees verder »
Lees verder »
The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.13:
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
- Improved LCG entropy. (Rasmus, Samy Kamkar)
Further details about the PHP 5.2.13 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.
Magento CE version 1.4.0.1 Stable is now available for download and upgrade.
Please Note: We do NOT recommend upgrading a production installation of Magento directly. Please backup database and all files before upgrading. Please make sure to check file permissions before trying to upgrade through your Magento Connect Manager.
This release mainly fixes an upgrade issue that was experienced while upgrading through Magento Connect Manager and a cache issue in specific environments.
We highly recommend disabling Magento cache before upgrading.
To see a full list of features and fixed issues please visit our release notes page. Diff files are available here.
Since version 1.4.0.0 for security reasons the trace in the Magento error report page is disabled by default. The “Error log number” does not give any information about the error. To enable the trace copy the errors/local.xml.sample to errors/local.xml and follow the instructions described in that file.
Please report all issues with this release in the bug tracker.
Important Note 1: If the Magento Compilation Module is enabled it must be disabled before attempting to upgrade. After upgrading is done, click on “Run Compilation Process” to process and enable it again.
Important Note 2: If you are running Magento in a cluster environment and are using a shared cache (e.g. Memcached) you will now need to also make sure to configure Magento to use Database as the “slow” backend cache.
| FROM THE MAGENTO TWITTER FEED | | | NOW AVAILABLE |
Terug naar boven