

PHP 5.3.7 Released - Popcorned23
http://www.php.net/ChangeLog-5.php#5.3.7

======
randallsquared
_mysqlnd

Fixed crash when using more than 28,000 bound parameters. Workaround is to set
mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)_

Whew. Thank goodness that's fixed?

~~~
fletchowns
Ya seriously, why in the world would you have so many bound parameters?

~~~
pornel
e.g. a Bayesian classifier that updates word counts:

    
    
       INSERT INTO words(word, spam, ham) VALUES(?, ?, ?),(?, ?, ?),(?, ?, ?),… 
            ON DUPLICATE KEY UPDATE …
    

and n-grams to this, and document with few thousand words will need 28k
parameters.

------
jbyers
Just bug fixes? If you allow file uploads, you would be wise to upgrade.

Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)

"The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does
not properly restrict filenames in multipart/form-data POST requests, which
allows remote attackers to conduct absolute path traversal attacks, and
possibly create or overwrite arbitrary files, via a crafted upload request,
related to a "file path injection vulnerability."

------
andre
Looks like mostly bug fixes.

------
debaserab2
High level overview anyone?

~~~
petervandijck
<http://www.php.net/archive/2011.php#id2011-08-18-1> Upgraded some libraries
and fixed a pile of bugs, basically. And PHP 5.2 series is NOT supported
anymore.

