5.3.12009-11-19stableThe PHP development team is proud to announce the immediate release of PHP 5.3.1. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.
**Security Enhancements and Fixes in PHP 5.3.1:**
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
- Added missing sanity checks around exif processing.
- Fixed a safe_mode bypass in tempnam().
- Fixed a open_basedir bypass in posix_mkfifo().
- Fixed bug #50063 (safe_mode_include_dir fails).
- Fixed bug #44683 (popen crashes when an invalid mode is passed).
**Key Bug Fixes in PHP 5.3.1 include:**
- Fixed crash in com_print_typeinfo when an invalid typelib is given.
- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.
- Fixed crash when instantiating PDORow and PDOStatement through Reflection.
- Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support).
- Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined).
- Around 100 other bug fixes
For users upgrading from PHP 5.2 there is a migration guide available [here](http://php.net/migration53), detailing the changes between those releases and PHP 5.3.
For a full list of changes in PHP 5.3.1, see the [ChangeLog](/ChangeLog-5.php#5.3.1).Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)Added missing sanity checks around exif processing. (Ilia)Fixed a safe_mode bypass in tempnam(). (Rasmus)Fixed a open_basedir bypass in posix_mkfifo(). (Rasmus)(safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)50063