PHP 5.2.11 has been published a few days ago by the PHP Group and its packages are now available for Debian Etch and Lenny, amd64 and i386. It fixes a lot of bugs and some security issues :
- Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
- Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
- Added missing sanity checks around exif processing. (Ilia)
- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
To avoid the same negative feedbacks as about PHP 5.2.10, a lot of debug and changes has been made :
- The embedded_timezone patch has been disabled. You now have to set date.timezone manually in your /etc/php5/*/php.ini files, depending on your machine.
- If you encounter problems with some applications and the CGI flavour, remember to set cgi.fix_pathinfo=1 in your php.ini (thanks Scott for reporting this)
As usual, read the full Changelog before upgrading.