5.4.1 2012-04-26 stable

The PHP development team announces the immediate availability of PHP 5.4.1. This release focuses on improving the stability of the PHP 5.4 branch with over 60 bug fixes, some of which are security related.
Security Enhancements for PHP 5.4.1:
- Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail dot com, Pierre)
- Add open_basedir checks to readline_write_history and readline_read_history. (Rasmus, reported by Mateusz Goik)
Key enhancements in PHP 5.4.1 include:
- Added debug info handler to DOM objects. (Gustavo, Joey Smith)
- Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
For a full list of changes in PHP 5.4.1, see the [ChangeLog](/ChangeLog-5.php#5.4.1). For source downloads, please visit our [downloads page](/downloads.php). Windows binaries can be found on [windows.php.net/download/](http://windows.php.net/download/).
All users of PHP are strongly encouraged to upgrade to PHP 5.4.1.

- Fixed bug #61461 (missing checks around malloc() calls).
- Implemented FR [#60850](http://bugs.php.net/60850) (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router).
- Fixed crash in ZTS using same class in many threads.
- Fixed bug #61374 (html_entity_decode tries to decode code points that don't exist in ISO-8859-1).
- Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>).
- Fixed bug #61106 (Segfault when using header_register_callback).
- Fixed bug #61052 (Missing error check in trait 'insteadof' clause).
- Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property).
- Fixed bug #60978 (exit code incorrect).
- Fixed bug #60911 (Confusing error message when extending traits).
- Fixed bug #60717 (Order of traits in use statement can cause a fatal error).
- Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
- Fix fileinfo test problems.
- Fixed bug #61487 (Incorrect bounds checking in grapheme_strpos).
- MFH mb_ereg_replace_callback() for security enhancements.
- Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
- Fixed memory leak in substr_replace.
- Make max_file_uploads ini directive settable outside of php.
- Fixed bug #61409 (Bad formatting on phpinfo()).
- Fixed bug #60222 (time_nanosleep() does validate input params).
- Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths).