PHP 5.2.11 has been published a few days ago by the PHP Group and its packages are now available for Debian Etch and Lenny, amd64 and i386. It fixes a lot of bugs and some security issues :
- Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
- Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
- Added missing sanity checks around exif processing. (Ilia)
- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
To avoid the same negative feedbacks as about PHP 5.2.10, a lot of debug and changes has been made :
- The
embedded_timezonepatch has been disabled. You now have to setdate.timezonemanually in your/etc/php5/*/php.inifiles, depending on your machine.
- If you encounter problems with some applications and the CGI flavour, remember to set
cgi.fix_pathinfo=1in yourphp.ini(thanks Scott for reporting this)
As usual, read the full Changelog before upgrading.