PHP 5.1 Released

The new release fixes over 400 bugs, including the exploitable $GLOBALS overwrite, several open_basedir issues and the phpinfo() XSS vulnerability. As usual, the PHP team strongly advises all users to upgrade to 5.1 as soon as possible.

Furthermore, PHP 5.1 comes with array type hinting, the PDO extension enabled by default, PCRE 6.2, PEAR 1.4.5 and performance improvements in the Zend Engine II.

PHP 5.1 ChangeLog

Upgrade notes for PHP 5.1

PHP Downloads


  • Nico Edtinger

    If you’re using a class called Date or Timezone wait ’till next week. 5.1.1 should be released on Monday.

    b4n

  • Anonymous

    Hmm, I’m using PHP 5.1 beta on my public server since July and finally will update it to the stable version. Great news!

  • http://www.dvdverdict.com/ mjackson42

    I installed PHP 5.1 last week, and it broke phpBB (which I’ve been using for several years, and desperately want to replace but don’t want to disrupt the community I’ve developed). Specifically, I could not log in – no errors, just no login. My guess is something with the date-checking. I’ll wait for 5.1.1

  • http://aplosmedia.com/ Eric.Coleman

    5.1.1 is out now. Upgrade, a bunch of regressions were fixed :)

    And if you aren’t on internals, it was a fun time last week. Plenty of flaming :)

  • http://aplosmedia.com/ Eric.Coleman

    mjackson:

    Are you keeping up 2 date with phpBB? I had an installation of phpBB and it seemed to work fine.

  • http://www.dvdverdict.com/ mjackson42

    Yes, latest copy of phpBB:

    “Your installation is up to date, no updates are available for your version of phpBB.”

    I’ll try it again with PHP 5.1.1.

  • realmsurfer

    Hopefully now a few more hosting companies will finally start to support PHP5.

  • http://www.bugfoo.com/docs/ James Coder

    One feature I really like is the new ini setting allow_url_include.
    This means that the old setting allow_url_fopen won’t cover remote includes any more. Hardly anyone needs to use remote includes, and they are pivotal in XSS attacks – but it’s a shame to inhibit reading of remote information just to prevent remote includes. Cheers for the php devteam.