The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
- Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
- Fixed bug #55609 (mysqlnd cannot be built shared)
- Many changes to the FPM SAPI module
For a full list of changes in PHP 5.3.9, see the ChangeLog. For source downloads please visit our downloads page; Windows binaries can be found on windows.php.net/download/.
All users are strongly encouraged to upgrade to PHP 5.3.9.
What I like about this version is that they implemented the OnDemand Process Manager and also added process.max to limit the maximum number of processes. Now, PHP-FPM should be ready for multiple domains that are hosted on the same server, which is especially useful for the web hosting business. (PHP-FPM processes are only loaded when needed.) Below is the changelog just for PHP-FPM:
- Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org)
- Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat)
- Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
- Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
- Fixed bug #55533 (The -d parameter doesn't work). (fat)
- Implemented FR #52569 (Add the "ondemand" process-manager to allow zero children). (fat)
- Fixed bug #55486 (status show BIG processes number). (fat)
- Fixed bug #55577 (status.html does not install). (fat)
- Backported from 5.4 branch (Dropped restriction of not setting the same value multiple times, the last one holds). (giovanni at giacobbi dot net, fat)
- Backported FR #55166 from 5.4 branch (Added process.max to control the number of processes FPM can fork). (fat)
- Backported FR #55181 from 5.4 branch (Enhance security by limiting access to user defined extensions). (fat)
- Backported FR #54098 from 5.4 branch (Lowered process manager default value). (fat)
- Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat)
- Implemented FR #54577 (Enhanced status page with full status and details about each process. Also provide a web page (status.html) for real-time FPM status). (fat)
- Enhance error log when the primary script can't be opened. FR #60199. (fat)
- Added .phar to default authorized extensions. (fat)
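As an added illustration (not part of the PHP announcement or changelog), here is a php-fpm.conf sketch for two domains on one server that combines the ondemand process manager, the global process.max ceiling, the extension restriction from FR #55181 and max_input_vars. The pool names, Unix users, socket paths and numeric limits are constructed assumptions.

```ini
; php-fpm.conf -- constructed example; pool names, users, paths and
; limits are assumptions chosen for illustration.

[global]
; FR #55166: hard ceiling on children across ALL pools, so one busy
; site cannot fork the host out of memory. 0 would mean "no limit".
process.max = 32

; --- first hosted domain -------------------------------------------
[example-com]
; Separate Unix user per pool keeps one site's code away from
; another site's files.
user = example_com
group = example_com
listen = /var/run/php-fpm/example-com.sock

; FR #52569: no children at startup; they are forked on the first
; request and reaped after the idle timeout.
pm = ondemand
pm.max_children = 8
pm.process_idle_timeout = 10s

; FR #55181: FPM refuses to execute files whose extension is not
; listed. Set explicitly to .php only, which is narrower than the
; default that (per the changelog above) also includes .phar.
security.limit_extensions = .php

; CVE-2011-4885: cap the number of request variables parsed per
; request. php_admin_value cannot be overridden from ini_set().
php_admin_value[max_input_vars] = 1000

; --- second hosted domain ------------------------------------------
[example-org]
user = example_org
group = example_org
listen = /var/run/php-fpm/example-org.sock

pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 10s

security.limit_extensions = .php
php_admin_value[max_input_vars] = 1000
```

The sum of pm.max_children across pools (12 here) stays below process.max, so the global ceiling only comes into play if pools are added later without revisiting the limits.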