Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: PHP Group has released PHP version 5.2.8 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
PHP Group has released PHP version 5.2.8

Our reader Roseman, dropped us an e-mail (which eventually arrived):

"The PHP Group has released PHP version 5.2.8 to address a vulnerability in the magic_quotes functionality. This vulnerability was introduced in PHP version 5.2.7. In addition to correcting this regression, PHP version 5.2.8 addresses a number of vulnerabilities that were originally addressed by version 5.2.7.

US-CERT encourages users to upgrade to PHP 5.2.8 or implement the workaround as described in the PHP 5.2.8 Release Announcement."

From PHP:
"PHP 5.2.8 Release Announcement

The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.8.

For a full list of changes in PHP 5.2.8, see the ChangeLog."

More details here :


89 Posts
Dec 10th 2008

Sign Up for Free or Log In to start participating in the conversation!