February 27, 2021
Hot Topics:

News Brief: PHP 5.2.12 Update Stamps Out Bugs, Patches Holes

  • By Sean Michael Kerner
  • Send Email »
  • More Articles »

If you're using PHP 5.2.x, it's time to update.

The twelfth update to PHP 5.2 is now out with the PHP 5.2.12 release, providing fixes for five security flaws in addition to 61 other bugs that have now been patched.

Among the security fixes in PHP 5.2.12 is a new "max_file_uploads" directive. The new directive enables developers to set a maximum limit to file uploads, which could help to prevent a possible Denial of Service (DoS) attack vector.

There are also fixes for a pair of different bypass conditions, including a fix for a safe_mode bypass and an open_basedir bypass. The bypass conditions could potentially have enabled an attacker to get around php configurations to trigger some form of unwanted operation.

PHP 5.2.12 also provides additional input string validation for htmlspecialchars(), which is a function that converts special characters (such as ampersands) into HTML equivalents. The $_SESSION array that includes PHP session variables also gets a security boost with additional checks and protections for interrupt corruption.

PHP 5.2 was first released in November 2006. The PHP 5.2.x line had been the leading edge of the PHP language for production use until June of this year when PHP 5.3 was first released.

PHP 5.3 itself was updated to version 5.3.1 at the end of November, fixing five security issues in addition to 133 bugs.

PHP is widely used as part of the LAMP (Linux/Apache/MySQL/PHP) Web application stack and remains a widely deployed language. A recent Elance report gave PHP its "MVP" award as the most consistently in-demand skill during 2009.

This article was originally published on December 21, 2009

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date