News Archive - 2009

Here are the most important news items we have published in 2009 on PHP.net.


PHP 5.2.12 Released!

[17-Dec-2009]

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.12:

  • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
  • Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
  • Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
  • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
  • Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Further details about the PHP 5.2.12 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.


PHP UK Conference 2010

PHP UK Conference 2010

[09-Dec-2009]

PHP London are pleased to announce the date, venue and registration availability of their 5th annual UK PHP conference, building on the success of previous events and accommodating the continual growth of the PHP community and PHP development industry.

The event takes place on Friday 26th February 2010 at the Business Design Centre in the Islington area of London. Information on the venue is available on our website.

Registration is now available, with an early bird discount of £20 putting the price at £100 (ex. UK VAT), available for the rest of December 2009, increasing to £110 during January 2010, whilst the standard £120 price is available now (for those that wish to significantly contribute towards the running of the conference) until either the event takes place or we run out of places - so register as soon as you can to get the best price and secure your place.

Feel free to create an account on the PHP UK Conference website at and sign-up for notifications of updates to the website.

Important announcements will also be made to the PHP London announcement mailing list - sign up at http://lists.phplondon.org/cgi-bin/mailman/listinfo/phplondon-announce - via which you may be receiving this message now, and you can also follow the conference on Twitter (@phpukconference - #phpuk2010) and be a fan on Facebook.

We expect to announce the initial line up of talks and speakers before Christmas, whilst potential sponsors/exhibitors can find information at http://www.phpconference.co.uk/sponsors and contact the conference committee using the form at http://www.phpconference.co.uk/contact.

We hope to see you at the event in 2010!


PHP 5.3.1 Released!

[19-Nov-2009]

The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.3.1:

  • Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
  • Added missing sanity checks around exif processing.
  • Fixed a safe_mode bypass in tempnam().
  • Fixed a open_basedir bypass in posix_mkfifo().
  • Fixed failing safe_mode_include_dir.

Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.


International PHP Conference

International PHP Conference

[21-Oct-2009]

With its mixture of topics the International PHP Conference provides an ideal resource for all professionals and their successful daily routine within the whole PHP spectrum. Insights into current Web 2.0 technologies, Security, Best Practices for tools and components, Enterprise know-how, databases, architectures and more are presented at the International PHP Conference 2009.

More than 30 Experts explain current trends and demonstrate how to make the most of your code and your business. They will answer your questions not only in the 40+ sessions and panel discussions but also during personal meetings.

And for the very first time ever, on Sunday, 15th November, the PHP community will warm up with our free IPC Unconference. This is the place, where YOU decide about the sessions - just pick your favorite topics and get in touch with some of our speakers and other developers.

Make use of this opportunity and make yourself a part of the worldwide PHP community – at the International PHP Conference 2009.


PHP World Kongress

PHP World Kongress

[01-Oct-2009]

On 24th and 25th of November you should not miss the lectures of the top speakers of the PHP Industry on Professional Software Development with PHP at Munich Conference Center.

10 international speakers offer you more than 20 hours of knowledge transfer in the topics "Development", "Tools & Technologies", "PHP 5 Certification", "TYPO3 Certification", "Search Engine Optimization" and "Design Patterns with PHP" on two days.

On November 24th, Pierre Joye from the PHP core team under Windows opens the congress with his keynote "PHP 5.3 and PHP 6". Amongst others topics include OOP, Web Application Security 2.0, SOAP in PHP and Zend Framework.

The 25th November is a workshop day aimed at expanding and deepening your knowledge in PHP 5 Certification, TYPO3 Certification, Search Engine Optimization and Design Patterns with PHP.

More detailed information is available on our website Twitter or in our group on Facebook.


PHP Barcelona

PHP Barcelona Conference 2009

[28-Sep-2009]

The PHP Barcelona User Group is proud to announce that the PHP Barcelona Conference 2009 is here, and it is arriving bigger than ever! Two days, three parallel tracks of talks and workshops, and some of the biggest names and companies in the industry covering the hottest subjects to date.

Come to Barcelona (Citilab) to see Rasmus Lerdorf, Fabien Potencier, Derick Rethans, Sebastian Bergmann and many more open the hood and expose the secrets of PHP and PHP related technologies that make the Internet what it is today, and that power what the Internet will be tomorrow. Discover the newest evolution of the most popular scripting language and its intimate bonding with security, stability and scalability, and how its integration with cutting edge technology make it one of the most powerful and state of the art building blocks for robust applications.

For more information about PHP Barcelona Conference 2009 and to register, please visit http://phpconference.es


PHP 5.2.11 Released!

[17-Sep-2009]

The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.11:

  • Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
  • Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
  • Added missing sanity checks around exif processing. (Ilia)
  • Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)

Further details about the PHP 5.2.11 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.


ZendCon 2009

ZendCon 2009!

[26-Aug-2009]

The Zend PHP Conference 2009 (ZendCon) is the largest event of the PHP community and a unique opportunity to meet with PHP developers, web experts and IT managers. This year's conference will be held October 19- 22, 2009 in San Jose, California. It will bring together developers and business managers from around the world for three days of exceptional presentations and networking events.

At ZendCon 2009, sessions will focus on creating, deploying and managing applications that take advantage of the speed, scalability and simplicity of PHP. To find out more about ZendCon, see the full session listing, and register, visit http://zendcon.com/.


PHP TestFest 2009 Winners

[30-Jul-2009]

A group of winners of PHP elePHPhants or TestFest mugs have been picked at random from the people that contributed the 887 tests during the 2009 PHP TestFest.

Winners of elePHPhants

  • Mark Schaschke TestFest London May 2009
  • Patrick Allae