News Archive
PhpRiot Newsletter
Your Email Address:

More information

PHP 5.3.4 Released!

Note: This article was originally published at news & announcements on 10 December 2010. news & announcements

The PHP development team is proud to announce the immediate release of PHP 5.3.4. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:

  • Fixed crash in zip extract method (possible CWE-170).
  • Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
  • Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
  • Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
  • Fixed possible flaw in open_basedir (CVE-2010-3436).
  • Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
  • Fixed symbolic resolution support when the target is a DFS share.
  • Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:

  • Added stat support for zip stream.
  • Added follow_location (enabled by default) option for the http stream support.
  • Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
  • Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
  • Multiple improvements to the FPM SAPI.
  • Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on