5.4.42012-06-14stablePHP 5.4.4 fixes an security issue in the implementation of crypt() and a heap overflow in the Phar extension. Over 30 bugs were fixed
Please note that php://fd is now only available if the CLI SAPI is usedImproved performance while sending error page, this also fixed bug (Memory leak when access a non-exists file without router)61785(functions related to current script failed when chdir() in cli sapi)61546Fixed missing bound check in iptcparse()Fixed CVE-2012-2143CVE-2012-2143(fix for bug [#54547](http://bugs.php.net/54547))62097(unexpected behavior when incrementally assigning to a member of a null object)62005(Object recursion not detected for classes that implement JsonSerializable)61978(long overflow in realpath_cache_get())61991(ZTS build doesn't accept zend.script_encoding config)61922(incorrect \e processing on Windows)61827(__clone/__destruct do not match other methods when checking access controls)61782('Overriding' a private static method with a different signature causes crash)61761(Segfault from array_walk modifying an array passed by reference)61730(PHP crash when calling ob_start in request_shutdown phase)61728(bin2hex(hex2bin($data)) != $data)61660(ini parser crashes when using ${xxxx} ini variables (without apache2))61650(header_remove() does not remove all headers)61605(wrong equality of string numbers)54547([PATH=] sections incompatibility with user_ini.filename set to null)54197Changed php://fd to be available only for CLI(CURLOPT_COOKIEFILE '' raises open_basedir restriction)61948com_dotnet cannot be built shared62146(Uninitialised value used in libmagic)61812(Uninitialised value used in libmagic)61812where php_stream_open_wrapper_ex tries to open a directory descriptor under windows61565failure caused by the posix lseek and read versions under windows in cdf_read()61566Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See [https://bugs.gentoo.org/show_bug.cgi?id=364139](https://bugs.gentoo.org/show_bug.cgi?id=364139) for detail(Memory corruption in internal function get_icu_disp_value_src_php()62082(json_encode() incorrectly truncates/discards information)61537(Libxml tests failed(ht is already destroyed))61617(A parsing bug in the prepared statements can lead to access violations). (CVE-2012-3450)61755CVE-2012-3450(Secunia SA44335) (CVE-2012-2386)61065CVE-2012-2386(file_get_contents leaks when access empty file with maxlen set)61961(using ob_gzhandler will complain about headers already sent when no compression)61820(can't change zlib.output_compression on the fly)61443(zlib.output_compression fails on refresh)60761