Zend has released a new update for Zend Core 2.5 which includes the latest PHP 5.2.6 maintenance release and a number of other updates. This update is provided free of charge to any customer with a Zend Core support contract. This release includes:
- Latest PHP stable version, PHP 5.2.6 – This release includes over 120 bug fixes and security fixes. Key security fixes are:
- Fixed possible stack buffer overflow in the FastCGI SAPI
- Fixed integer overflow in printf()
- Fixed security issue detailed in CVE-2008-0599
- Fixed a safe_mode bypass in CURL
- Properly address incomplete multibyte chars inside escapeshellcmd()
- The Oracle oci8 support was updated to V.2.4 which adds support for Oracle 11g, several key enhancements and various bug fixes. Key improvements are:
- Fixed PECL bug #10194 (crash in Oracle client when memory limit reached in the callback)
- Allowed statement cache size to be set for non-persistent connections
- Improved oci_password_change() to close persistent connections on shutdown (to update hashed connection details)
- Changed oci_pconnect() to behave like oci_connect() when SYSDBA and SYSOPER privileges are used
- The Linux update also includes the latest version of OpenSSL (v0.9.8g), CURL (7.18.1) and Zend Optimizer (3.3.5)
All Zend Core customers are encouraged to upgrade as soon as possible for the most reliable PHP environment.