This release is identical to 5.4.5, but with the addition of all patches included in 5.5.0.
These patches, related to the database backends, include code to protect against SQL exploits (where user-entered data isn't escaped before being placed in a query). All queries are built with a modified version of sprintf that escapes dangerous characters in strings.
5.5.0 has been out for over 3 months with some people using it in
production environments without any reports of problems. Even so,
this will be a devel release until others can do more production testing.
Tom Collins
- Consolidate table creation code in vmysql.c and vpgsql.c.
- Increase SQL_BUF_SIZE from 600 to 2048 for Oracle, Postgres and Sybase.
- Add qnprintf() to vpopmail.c for escaping strings in SQL queries.
- Use qnprintf() when building queries in vmysql.c, vpgsql.c, voracle.pc, and vsybase.c.
- Multiple fixes to vpgsql.c related to freeing PGresults and attempting to access NULL PGresults when reporting errors.
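The idea behind an escaping sprintf, as described in the notes above, shown as an added example; this is not vpopmail's qnprintf() source. The name esc_snprintf, the backslash escape set (single quote, double quote, backslash) and the -1 return on truncation are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Store one byte if room remains; always count it so truncation shows. */
static void put(char *buf, size_t size, size_t *n, char c)
{
    if (*n + 1 < size)
        buf[*n] = c;
    (*n)++;
}

/* Hypothetical escaping formatter (not vpopmail's qnprintf): handles %s
 * (escaped), %d and %%. Returns the length, or -1 on truncation or an
 * unknown directive so the caller never sends a partial query. */
int esc_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    size_t n = 0;
    int ok = 1;
    if (size == 0) return -1;
    va_start(ap, fmt);
    for (; ok && *fmt; fmt++) {
        if (*fmt != '%') { put(buf, size, &n, *fmt); continue; }
        switch (*++fmt) {
        case 's': {
            const char *s = va_arg(ap, const char *);
            for (; s && *s; s++) {
                /* Assumed escape set: quote characters and backslash. */
                if (strchr("'\"\\", *s))
                    put(buf, size, &n, '\\');
                put(buf, size, &n, *s);
            }
            break;
        }
        case 'd': {
            char num[16];
            snprintf(num, sizeof num, "%d", va_arg(ap, int));
            for (const char *p = num; *p; p++) put(buf, size, &n, *p);
            break;
        }
        case '%': put(buf, size, &n, '%'); break;
        default: ok = 0; break; /* unsupported directive or trailing '%' */
        }
    }
    va_end(ap);
    buf[n < size ? n : size - 1] = '\0';
    return (ok && n < size) ? (int)n : -1;
}
```

A caller should treat -1 as a hard failure and not run the query; a truncated statement can end in the middle of a quoted value.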