PHP 5.3.6 focuses on improving the stability of the PHP 5.3.x branch with over 60 bug fixes, some of which are security related.
Security enhancements and fixes
- Enforced security in the FastCGI protocol parsing with the FPM SAPI.
- Fixed bug #54247 (format-string vulnerability on Phar).
- Fixed bug #54193 (Integer overflow in shmop_read()).
- Fixed bug #54055 (buffer overrun with high values for precision ini setting).
- Fixed bug #54002 (crash on crafted tag in exif).
- Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
Key enhancements
- Upgraded bundled SQLite3 to version 3.7.4.
- Upgraded bundled PCRE to version 8.11.
- Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization.
- Added options to debug backtrace functions.
- Changed default value of ini directive serialize_precision from 100 to 17.
- Fixed bug #53971 (isset() and empty() produce apparently spurious runtime error).
- Fixed bug #53958 (Closures can’t ‘use’ shared variables by value and by reference).
- Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash).
- Over 60 other bug fixes.