Yblog = yourblog,你的優質部落格。願真田幸村紅鎧策馬赤備突擊的身影,帶給我們更多的勇氣。
星期二, 十一月 1, 2005
PHP 4.4.1 正式推出
PHP官方組織幾個小時前剛釋出了PHP 4.4.1,PHP方面建議所有PHP4 網站用戶更新,這個版本是修正bugs為主,比較重要的更新有:
* Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo() that could lead f.e. to cookie exposure, when a phpinfo() script is accidently left on a production server.
* Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd that could lead to exposure of files normally not accessible due to safe_mode or open_basedir restrictions.
* Fixed a possible $GLOBALS overwrite problem in file upload handling, extract() and import_request_variables() that could lead to unexpected security holes in scripts assumed secure. (For more information, see here).
* Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls. In some cases this can result in register_globals being turned on.
* Fixed an issue with trailing slashes in allowed basedirs. They were ignored by open_basedir checks, so that specified basedirs were handled as prefixes and not as full directory names.
* Fixed an issue with calling virtual() on Apache 2. This allowed bypassing of certain configuration directives like safe_mode or open_basedir.
* Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491.

有興趣的話可以看看 PHP 4.4.1 完整的更新內容列表

下載連結:
windows版
原始檔
More... funp HemiDemi MyShare del.icio.us technorati Google Bookmarks Digg
ivan 發表於 2:56 PM | 文章分類: 數位科技, software, www | 標籤列表:

迴響留言
尚無迴響

張貼迴響:
名稱
電子郵件
網址



請輸入你在圖片中看到的文字
引用列表
本篇文章引用網址: http://yblog.org/api/trackback/?id=5238
沒有引用










Collablog Portal enabled