The PHP development team is proud to announce the immediate release of
PHP 5.3.4. This is a maintenance release in the 5.3 series, which
includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:
      * Fixed crash in zip extract method (possible CWE-170).
      * Paths with NULL in them (foo\0bar.txt) are now considered as
        invalid (CVE-2006-7243).
      * Fixed a possible double free in imap extension (Identified by
        Mateusz Kocielski). (CVE-2010-4150).
      * Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
      * Fixed possible flaw in open_basedir (CVE-2010-3436).
      * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
      * Fixed symbolic resolution support when the target is a DFS
      * Fixed bug #52929 (Segfault in filter_var with
        FILTER_VALIDATE_EMAIL with large amount of data)

Key Bug Fixes in PHP 5.3.4 include:
      * Added stat support for zip stream.
      * Added follow_location (enabled by default) option for the http
        stream support.
      * Added a 3rd parameter to get_html_translation_table. It now
        takes a charset hint, like htmlentities et al.
      * Implemented FR #52348, added new constant ZEND_MULTIBYTE to
        detect zend multibyte at runtime.
      * Multiple improvements to the FPM SAPI.

Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide
available on <>, detailing the changes between
those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog on
<>. For source downloads
please visit our downloads page on <>,
Windows binaries can be found on <>.

Johannes Schlüter
PHP 5.3 Release Master

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to