This release focuses on improving the stability of the
PHP 5.2.x branch with over 60 bug fixes, some of which
are security related. All users of PHP 5.2 are encouraged
to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by
Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo()
identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can
be set to limit the number of file uploads per-request
to 20 by default, to prevent possible DOS via temporary
file exhaustion, identified by Bogdan Calin.
(CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt
corruption and improved "session.save_path" check,
identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string
validation of htmlspecialchars()). (CVE-2009-4142,
Moriyoshi, hello at iwamot dot com)