We’ve been paying close attention to new PHP releases, with a focus on the 5.3.x release branch, but an important security update has been made to the 5.2.x branch. The new max_file_uploads PHP directive will prevent DoS (denial-of-service) attacks that use file uploads to exhaust temporary files. This is an important update and should be applied as soon as possible. Links to the release announcement, changelog, and download page are listed below. On a side note, WHM/cPanel has not updated EasyApache yet, but we are assuming this will come soon. We’ve also gotten word that, due to popular demand (thank you everyone), cPanel is working as fast as possible to get PHP 5.3.1 into EasyApache (see the cPanel forum post for more info: http://bit.ly/931YpZ).
Yes, that’s right, another PHP 5.2 version, and the fourth release candidate for PHP 5.3.1… the details are as follows:
- PHP 5.3.1 RC4
  - Three bug fixes, including one for mysqli and one for safe_mode_include_dir
  - Complete list
- PHP 5.2.12 RC1
  - Added max_file_uploads, as seen in PHP 5.3.1 RC3, which helps prevent DoS attacks occurring via temporary file exhaustion
  - Fixed Snow Leopard build error
  - Fixed make install-pear failure
  - Fixed parse_url() incorrectly handling ? in the fragment
  - Complete list
Clearly, the PHP 5.2.12 release candidate is much more exciting than PHP 5.3.1’s, which tells me we are getting closer to a stable PHP 5.3.1 release. A download link for both versions is included below.
We are yet another release candidate closer to PHP 5.3.1. A link to download PHP 5.3.1 RC3 is included below, as well as links to the changelog and current bugs. One bug fix will help prevent DoS (denial-of-service) attacks via a new INI directive named max_file_uploads. This will default to 100 files per request.
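To check what the directive means for a given server, the sketch below (an added example, not code from the PHP project or cPanel) parses a php.ini fragment and reports whether a per-request file cap is configured and how many temporary upload files that cap allows at once. The sample ini text and the `workers` concurrency figure are constructed assumptions.

```python
import re

# Constructed php.ini fragments for illustration (not from the original post).
INI_BEFORE = "[PHP]\nfile_uploads = On\nupload_max_filesize = 2M\npost_max_size = 8M\n"
INI_AFTER = INI_BEFORE + "max_file_uploads = 100 ; default cited in the post\n"
UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

def parse_ini(text):
    """Return php.ini directives as a dict with lowercase keys."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip ';' comments
        if line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def to_bytes(value):
    """Convert PHP shorthand sizes such as 8M or 512K to bytes."""
    m = re.fullmatch(r"(\d+)\s*([KMG]?)", value.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def audit(text, workers=50):
    """Report the upload cap; `workers` is an assumed count of concurrent requests."""
    ini = parse_ini(text)
    enabled = ini.get("file_uploads", "1").lower() in ("1", "on", "yes", "true")
    cap = int(ini["max_file_uploads"]) if "max_file_uploads" in ini else None
    findings = []
    if enabled and cap is None:
        findings.append("max_file_uploads not set explicitly; "
                        "a build without the directive has no per-request file cap")
    return {
        "uploads_enabled": enabled,
        "file_cap": cap,
        # Upper bound on temp files present at once when a cap is configured.
        "max_temp_files": cap * workers if cap is not None else None,
        # post_max_size (when non-zero) limits the request body, and with it temp bytes.
        "max_temp_bytes_per_request": to_bytes(ini.get("post_max_size", "8M")),
        "findings": findings,
    }

if __name__ == "__main__":
    for name, text in (("before", INI_BEFORE), ("after", INI_AFTER)):
        print(name, audit(text))
```

The byte limit from post_max_size exists with or without the new directive; what max_file_uploads adds is a bound on the number of temporary files a single request can create.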