max_input_vars directive to a suitably low value, it makes it impossible to send sufficient parameters to trigger that problem. Another denial of service fix in 5.3.9 addresses an integer overflow when processing EXIF headers in JPEG files.
The release also contains numerous non-security-related fixes to areas including garbage collection, memory management, DateTime, PHP-FPM SAPI and SOAP. The developers describe key enhancements that include stopping the is_a function from triggering autoload and allowing mysqlnd to be built shared. A full list of the changes can be found in the change log and the updated source code is available from the download page. Windows binaries for 5.3.9 are also available. The developers encourage all PHP users to upgrade to 5.3.9.
In other PHP news, the fifth release candidate of PHP 5.4.0 has been released. The first release candidate was made available in November 2011. The developers expect another release candidate, which they hope will be "probably the last release candidate", to be released around 21 January. PHP is distributed under the terms of the PHP Licence 3.01.
Seen at www.h-online.com