タイトル PHP 4
URL http://www.php.net/downloads.php
バージョン 4.4.9   4.4.8   4.4.7   4.4.6   4.4.5   4.4.4   4.4.3   4.4.2   4.4.1   4.4.0   4.3.11  
更新日 2008/08/08
追加日 2013/08/17
種別 フリーソフト
説明 Webアプリケーションを容易に作成できるスクリプト言語。







2008/08/08 ver 4.4.9

Version 4.4.9
Updated PCRE to version 7.7.
Fixed overflow in memnstr().
Fixed crash in imageloadfont when an invalid font is given.
Fixed open_basedir handling issue in the curl extension.
Fixed bug #37421 (mbstring.func_overload set in .htaccess becomes global).
Added "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Last updated: Thu Aug 7 21:40:28 2008 PDT

2008/01/06 ver 4.4.8

Version 4.4.8
Improved fix for MOPB-02-2007.
Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
Fixed integer overlow in str[c]spn().
Fixed regression in glob when open_basedir is on introduced by #41655 fix.
Fixed money_format() not to accept multiple %i or %n tokens.
Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
Fixed bug #43010 (Fixed regression in imagearc with two equivelent angles).
Fixed bug #41765 (Recode crashes/does not work on amd64).
Fixed bug #41630 (segfault when an invalid color index is present in the image data).
Fixed bug #41628 (PHP settings leak between Virtual Hosts in Apache 1.3).
Fixed bug #38798 (OpenSSL init corrected in php5 but not in php4).
show source |
Copyright © 2001-2008 The PHP Group
Last updated: Sat Jan 5 21:16:22 2008 PST

2007/05/04 ver 4.4.7

Version 4.4.7
Fixed MOPB-33-2007 (PHP mail() Message ASCIIZ Byte Truncation).
Fixed MOPB-32-2007 (Double free inside session_decode()).
Fixed MOPB-26-2007 (mb_parse_str() can be used to activate register_globals).
Fixed MOPB-24-2007 (Fixed unallocated memory access/double free in in array_user_key_compare()).
Fixed MOPB-22-2007 (PHP session_regenerate_id() Double Free Vulnerability).
Fixed MOPB-21-2007 (An open_basedir/safe_mode bypass inside the compress.bzip2 wraper).
Fixed MOPB-8-2007 (XSS in phpinfo()).
Fixed CVE-2007-1001 (GD wbmp used with invalid image size).
Fixed CVE-2007-0455 (Buffer overflow in gdImageStringFTEx, used by imagettf function).
Fixed bug #41252 (Calling mcrypt_generic without first calling mcrypt_generic_init crashes).
Fixed bug #40998 (long session array keys are truncated).
Fixed bug #40915 (addcslashes unexpected behavior with binary input).
Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused handle).
Fixed bug #40747 (possible crash in session when save_path is out of open_basedir).
Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST).
Fixed huge CPU usage in imagearc when used with large angles (libgd bug #74).
Fixed CRLF injection inside ftp_putcmd().
Last updated: Fri May 4 04:38:52 2007 PDT

2007/03/01 ver 4.4.6

Version 4.4.6
Updated PCRE to version 7.0.
Fixed segfault in ext/session when register_globals=On.
Fixed bug #40635 (segfault in cURL extension).
Fixed bug #40611 (possible cURL memory error).
Fixed bug #40578 (imagettftext() multithreading issue).
Fixed bug #40502 (ext/interbase compile failure).
Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed).
Last updated: Thu Mar 1 01:33:24 2007 PST

2007/02/15 ver 4.4.5

conferences |
Version 4.4.5
Upgraded PEAR to 1.5.0.
Updated PCRE to version 6.7.
Moved extensions to PECL: ext/ovrimos
Added a meta tag to phpinfo() output to prevent search engines from indexing the page.
Backported a fix in the configure tests to detect the "rounding fuzz".
Backported fix for ext/imap compilation failure with recent c-client versions.
Fixed missing open_basedir check inside chdir() function.
Fixed bug #40335 (Compile fails when using GCC 4.1.1/binutils 2.17).
Fixed bug #39971 (pg_insert/pg_update do not allow now() to be used for timestamp fields).
Fixed bug #39890 (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path).
Fixed bug #39819 (Using $this not in object context can cause segfaults).
Fixed bug #39653 (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled).
Fixed bug #39583 (ftp_put() does not change transfer mode to ASCII).
Fixed bug #39458 (ftp_nlist() returns false on empty dirs).
Fixed bug #39354 (Allow building of curl extension against libcurl 7.16.0).
Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty files).

2006/08/18 ver 4.4.4

Version 4.4.4
Fixed memory_limit on 64bit systems.
Fixed overflow on 64bit systems in str_repeat() and wordwrap().
Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled.
Fixed a memory corruption error with an invalid foreach() call.
Fixed bug #38431 (xmlrpc_get_type() crashes PHP on objects).
Fixed bug #38377 (session_destroy() gives warning after session_regenerate_id()).
Fixed bug #38322 (reading past array in sscanf() leads to arbitary code execution).
Fixed bug #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire).
Fixed bug #38251 (socket_select() and invalid arguments).
Fixed bug #38183 (disable_classes=Foobar causes disabled class to be called Foo).
Fixed bug #38112 (corrupted gif segfaults).
Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()).
Fixed bug #29538 (number_format and problem with 0).
There is a separate announcement available for this release.
Last updated: Thu Aug 17 13:21:09 2006 PDT

2006/08/04 ver 4.4.3

all php.net sites
this mirror only
online documentation
Site News Archive
All Changelogs
just pear.php.net
just pecl.php.net
just talks.php.net
documentation mailing list
Version 4.4.3
Added control character checks for cURL extension's open_basedir/safe_mode checks.
Added overflow checks to wordwrap() function.
Added a check for special characters in the session name.
Improved safe_mode check for the error_log() function.
Updated PCRE to version 6.6.
Fixed handling of extremely long paths inside tempnam() function.
Fixed XSS inside phpinfo() with long inputs.
Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c.

2006/01/14 ver 4.4.2

Version 4.4.2
Added missing safe_mode/open_basedir checks into cURL extension.
Backported missing imap_mailcompose() fixes from PHP 5.x.
Prevent header injection by limiting each header to a single line.
Fixed possible XSS inside error reporting functionality.
Fixed Apache 2 regression with sub-request handling on non-linux systems.
Fixed bug #35817 (unpack() does not decode odd number of hexadecimal values).
Fixed bug #35735 ($EGREP not defined in configure).
Fixed bug #35669 (imap_mail_compose() crashes with multipart-multiboundary-email).
Fixed bug #35655 (whitespace following end of heredoc is lost).
Fixed bug #35646 (%{mod_php_memory_usage}n is not reset after exit).
Fixed bug #35594 (Multiple calls to getopt() may result in a crash).
Fixed bug #35571 (Fixed crash in Apache 2 SAPI when more then one php script is loaded via SSI include).
Fixed bug #35536 (mysql_field_type() doesn't handle NEWDECIMAL).
Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys properly).
Fixed bug #35341 (Fix for bug #33760 breaks build with older curl).
Fixed bug #35278 (Multiple virtual() calls crash Apache 2 php module).
Fixed bug #35257 (Calling ob_flush after creating an ob callback causes segfault).

2005/11/01 ver 4.4.1

Version 4.4.1
Added missing safe_mode checks for image* functions and cURL.
Added missing safe_mode/open_basedir checks for file uploads.
Fixed a memory corruption bug regarding included files.
Fixed possible INI setting leak via virtual() in Apache 2 sapi.
Fixed possible crash and/or memory corruption in import_request_variables().
Fixed potential GLOBALS overwrite via import_request_variables().
Fixed possible GLOBALS variable override when register_globals are ON.
Fixed possible register_globals toggle via parse_str().
Added "new_link" parameter to mssql_connect(). Bug #34369.
Fixed bug #34850 (--program-suffix and --program-prefix not included in man page names).
Fixed bug #34790 (preg_match_all(), named capturing groups, variable assignment/return => crash).
Fixed bug #34742 (ftp wrapper failures caused from segmented command transfer).
Fixed bug #34704 (Infinite recursion due to corrupt JPEG).
Fixed bug #34645 (ctype corrupts memory when validating large numbers).
Fixed bug #34565 (mb_send_mail does not fetch mail.force_extra_parameters).
Fixed bug #34557 (php -m exits with "error" 1).
Fixed bug #34456 (Possible crash inside pspell extension).

2005/07/12 ver 4.4.0

Version 4.4.0
Added man pages for "phpize" and "php-config" scripts.
Added support for .cc files in extensions.
Added the sorting flag SORT_LOCALE_STRING to the sort() functions which makes them sort based on the current locale.
Changed sha1_file() and md5_file() functions to use streams instead of low level IO.
Fixed memory corruptions when using references in a wrong way.
Fixed memory corruption in pg_copy_from() in case the as_null parameter was passed.
Fixed memory corruption in stristr(). (Derick)
Fixed bug #32685, Fixed bug #29423 (Segfault when using assignment by reference within function).
Fixed bug #33242 (Mangled error message when stream fails).
Fixed bug #33222 (segfault when CURL handle is closed in a callback).
Fixed bug #33214 (odbc_next_result does not signal SQL errors with 2-statement SQL batches).
Fixed bug #33210 (relax jpeg recursive loop protection).
Fixed bug #33200 (preg_replace(): magic_quotes_sybase=On makes 'e' modifier misbehave).
Fixed bug #33150 (shtool: insecure temporary file creation).
Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path change).
Fixed bug #33070 (Improved performance of bzdecompress() by several orders of magnitude).
Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5).

2005/04/01 ver 4.3.11

Version 4.3.11
Added Oracle Instant Client support
Added checks for negative values to gmp_sqrt(), gmp_powm(), gmp_sqrtrem() and gmp_fact() to prevent SIGFPE
Changed phpize not to require libtool
Updated bundled libmbfl library (used for multibyte functions)
Fixed several leaks in ext/browscap and sapi/embed
Fixed several leaks in ext/filepro
Fixed build system to always use bundled libtool files
Fixed MacOSX shared extensions crashing on Apache startup
Fixed bug #32373 (segfault in bzopen() if supplied path to non-existent file).
Fixed bug #32340 (insert_before($node,NULL) does not return).
Fixed bug #32200 (Prevent using both --with-apxs2 and --with-apxs2filter).
Fixed bug #32114 (DOM crashing when attribute appended to Document).
Fixed bug #32063 (mb_convert_encoding ignores named entity 'alpha').
Fixed bug #31960 (msql_fetch_row() and msql_fetch_array() dropping columns with NULL values).
Fixed bug #31936 (set_h_errno() is redefined incompatibly).
Fixed bug #31911 (mb_decode_mimeheader() is case-sensitive to hex escapes).
Fixed bug #31858 (--disable-cli does not force --without-pear).