著名的开源脚本语言：PHP 5.2.5发布

PHP开发组将会立即宣布PHP 5.2.4的可用性。这个版本集中注意在通过除了解决一些低优先级安全漏洞外的超过60个错误修复来提高PHP 5.2.X分支版本的稳定性上。所有的PHP用户都被鼓励升级到这个版本。

关于PHP 5.2.5的更详细的资料可以在5.2.5的发布通知里找到，完全的更改列表在PHP 5的更改日志。

Security Enhancements and Fixes in PHP 5.2.5:

• Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
• Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
• Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
• Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
• Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
• Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
• Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.