PHP 5.2.0 Release

PHP 5.2.0 Release Announcement

The PHP development team is proud to announce the immediate release of PHP 5.2.0. This release is a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements.

The key features of PHP 5.2.0 include:

* New memory manager for the Zend Engine with improved performance and a more accurate memory usage tracking.
* Input filtering extension was added and enabled by default.
* JSON extension was added and enabled by default.
* ZIP extension for creating and editing zip files was introduced.
* Hooks for tracking file upload progress were introduced.
* Introduced E_RECOVERABLE_ERROR error mode.
* Introduced DateTime and DateTimeZone objects with methods to manipulate date/time information.
* Upgraded bundled SQLite, PCRE libraries.
* Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows installations.
* Many performance improvements.
* Over 200 bug fixes.

Security Enhancements and Fixes in PHP 5.2.0:

* Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep track of character set encoding whenever possible.
* Added allow_url_include, set to Off by default to disallow use of URLs for include and require.
* Disable realpath cache when open_basedir and safe_mode are being used.
* Improved safe_mode enforcement for error_log() function.
* Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions.
* Added missing safe_mode and open_basedir checks for the cURL extension.
* Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines.
* Fixed handling of long paths inside the tempnam() function.
* Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters.
* Fixed ini setting overload in the ini_restore() function.

Ref