PHP 4.3.11 Release Announcement
PHP Development Team is would like to announce the immediate release of PHP 4.3.11. This is a maintenance release that in addition to over 70 non-critical bug fixes addresses several security issues inside the exif and fbsql extensions as well as the unserialize(), swf_definepoly() and getimagesize() functions.All Users of PHP are strongly encouraged to upgrade to this release.
- Crash in bzopen() if supplied path to non-existent file.
- DOM crashing when attribute appended to Document.
- unserialize() float problem on non-English locales.
- Crash in msg_send() when non-string is stored without being serialized.
- Possible infinite loop in imap_mail_compose().
- Fixed crash in chunk_split(), when chunklen > strlen.
- session_set_save_handler crashes PHP when supplied non-existent object ref.
- Memory leak in zend_language_scanner.c.
- Compile failures of zend_strtod.c.
- Fixed crash in overloaded objects & overload() function.
- cURL functions bypass open_basedir.
For a full list of changes in PHP 4.3.11, see the ChangeLog.