The new release fixes over 400 bugs, including the exploitable $GLOBALS overwrite, several open_basedir issues and the phpinfo() XSS vulnerability. As usual, the PHP team strongly advices all users to upgrade to 5.1 as soon as possible.
Furthermore, PHP 5.1 comes with array type hinting, the PDO extension enabled by default, PCRE 6.2, PEAR 1.4.5 and performance improvements in the Zend Engine II.
Related posts:
- Free PHP Webinar: How to Increase Performance with Caching Zend are running a free webinar today, with a live...
- Introducing Bucket: A Minimal Dependency Injection Container for PHP Troels got fed up with the lack of a decent...
- Opera 10 Final Released Opera 10 is the latest and greatest browser from the...
- How to Install PHP 5.3 on Windows PHP 5.3 is the most significant update since version 5.0....
- How to Install PHP on Windows In his final installation tutorial, Craig provides a step-by-step guide...
If you’re using a class called Date or Timezone wait ’till next week. 5.1.1 should be release on Monday.
b4n
November 26th, 2005 at 2:24 pm
Hmm, I’m using PHP 5.1 beta on my public server since july and finally will update it to stable version. Great news!
November 27th, 2005 at 9:03 pm
I installed PHP 5.1 last week, and it broke phpBB (which I’ve been using for several years, and desperately want to replace but don’t want to disrupt the community I’ve developed). Specifically, I could not log in – no errors, just no login. My guess is something with the date-checking. I’ll wait for 5.1.1
November 28th, 2005 at 11:30 am
5.1.1 is out now. Upgrade, a bunch of regressions were fixed :)
And if you aren’t on internals, it was a fun time last week. Plenty of flaming :)
November 28th, 2005 at 11:52 am
mjackson:
Are you keeping up 2 date with phpBB? I had an installation of phpBB and it seemed to work fine.
November 28th, 2005 at 11:53 am
Yes, latest copy of phpBB:
“Your installation is up to date, no updates are available for your version of phpBB.”
I’ll try it again with PHP 5.1.1.
November 30th, 2005 at 4:34 pm
Hopefully now a few more hosting companies will finally start to support PHP5.
December 1st, 2005 at 4:36 am
One feature I really like is the new ini setting allow_url_include.
This means that the old setting allow_url_fopen won’t cover remote includes any more. Hardly anyone needs to use remote includes, and they are pivotal in XSS attacks – but it’s a shame to inhibit reading of remote information just to prevent remote includes. Cheers for the php devteam.
December 1st, 2005 at 2:11 pm