Here are the most important news items we have published in 2012 on PHP.net.
The PHP development team announces the immediate availability of PHP 5.5.0alpha2. This release adds new features and fix some bugs from alpha1. All users of PHP are encouraged to test this version carefully, and report any bugs in the bug tracking system.
THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!PHP 5.5.0 Alpha 2 comes with new features and improvements such as (incomplete list) :
Please, note that this alpha version also introduces the ext/mysql depreciation.
You can read the full list of changes in the NEWS file contained in the release archive.
For source downloads of PHP 5.5.0 Alpha 2 please visit the download page, Windows binaries can be found on windows.php.net/qa/.
Thank you for helping us making PHP better.
After a very successful 2012 edition, we are proud to announce PHPBenelux Conference 2013. This event will take place on Friday January 25th and Saturday January 26th 2013 in Antwerp, Belgium. We organize a community oriented conference that is built around an excellent lineup and awesome socials. Our schedule has been announced and tickets are available. Go to http://conference.phpbenelux.eu/2013/ for more information.
The PHP development team announces the immediate availability of PHP 5.4.10 and PHP 5.3.20. These releases fix about 15 bugs. Please note that the PHP 5.3 series will enter an end of life cycle and receive only critical fixes as of March 2013. All users of PHP are encouraged to upgrade to PHP 5.4.
For source downloads of PHP 5.4.10 and PHP 5.3.20 please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
We are pleased to announce that tek13 will be taking place this year again at it's traditional location in Chicago, IL. This year's dates are from May 14th - 17th, 2013. It will again be a 3-track conference with a focus on the community.
The Call for Papers has been announced and will be running until January 15th, 2013. Conference registration will open on January 1st. We look forward to seeing many of you there this year!
The PHP development team announces the immediate availability of PHP 5.4.9 and PHP 5.3.19. These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.
For source downloads of PHP 5.4.9 and PHP 5.3.19 please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
The PHP development team announces the immediate availability of PHP 5.5.0alpha1. This release marks the beginning of the PHP 5.5.0 release cycle. All users of PHP are encouraged to test this version carefully, and report any bugs in the bug tracking system.
THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!PHP 5.5.0 Alpha 1 comes with new features such as (incomplete list) :
We also dropped support for Windows XP and 2003.
You can read the full list of changes in the NEWS file contained in the release archive.
For source downloads of PHP 5.5.0 Alpha 1 please visit the download page, Windows binaries can be found on windows.php.net/qa/.
Thank you for helping us making PHP better.
SoFloPHP is excited to present the inaugural SunshinePHP Developer Conference in Miami, Florida from February 8th - 9th, 2013. This 2 day event will feature 3 awesome tracks, with one track dedicated to Symfony. We are also planning an Uncon, as well as a hack event, and many opportunities to socialize with the PHP community. Please register soon to take advantage of our early bird discounted rate before it ends.
In February when the rest of the world is cold and snowy, it is sunny and beautiful in Florida. Come join us for some sun and learning.
Our call for papers runs until December 1st, 2012, so please get those talks in! We will be announcing the sessions and speakers around mid-December after our board has a chance to consider each submission.
PHP London are pleased to announce the 8th Annual PHP UK conference; a 2-day event with 4 great tracks held at at The Brewery in the heart of the City of London on February 22nd- 23rd 2013.
With over 600 delegates, speakers, and sponsors, PHP UK conference aims to deliver fantastic up to date content about PHP and related web technologies in a comfortable and professional setting. There are countless networking opportunities to engage with international speakers and delegates, which makes the event one you won't want to miss.
Our call for papers is open until November the 22nd and we would love to hear from you!
The PHP development team announces the immediate availability of PHP 5.4.8 and PHP 5.3.18. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.8, or at least 5.3.18.
Key enhancements in these releases include:
For source downloads of PHP 5.4.8 and PHP 5.3.18 please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
True North PHP is a 2 day, multi-track, community-driven PHP conference. We believe that the PHP community is second to none, and also believe that Toronto has an awesome PHP community and deserves an equally awesome conference.
Come out November 2-3, 2012 and hear both local talent and internationally known members of the PHP community share their thoughts and tools they use to build the web.
The Web Developer Conference (WDC) is the conference for web developers from the 24th – 27th June 2013 in Nuremberg (Germany). The conference is addressed to developers of web applications, content and online managers, agencies and webmasters. The WDC will be presented by the German trade magazine "web & mobile developer". More information about the conference can be found on the website via www.web-developer-conference.de.
MidwestPHP (March 2 and 3rd, 2013 - St. Paul, MN, USA) is a two-day conference in the heart of Minnesota featuring 40+ sessions covering a wide range of topics ranging from PHP basics for newbies to advanced PHP concepts, frameworks, databases, third party tools and components, and web development.
The PHP development team announces the immediate availability of PHP 5.4.7 and PHP 5.3.17. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.7, or at least 5.3.17.
Key enhancements in these releases include:
For source downloads of PHP 5.4.7 and PHP 5.3.17 please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
The list of changes are recorded in the ChangeLog.
CodeConnexx (8-9 November, 2012, Indianapolis, IN, USA) is a two-day, one track conference that aims to bring together men and women of all ages, races, backgrounds, and skillsets interested in talking about code. The first day is focused on technical talks, centered around PHP and related topics. The second day is dedicated to all the other things that we encounter as developers: mentoring, working together on a diverse team, getting started in open source, and other topics. Free onsite childcare will be available for those who need it. We hope you can join us!
The International PHP Conference (October 14-17th - Mainz, Germany) is a globally recognized event for PHP developers, web workers, IT managers and everyone interested in web technologies.
Once again the conference will explore key topics and core technologies for developers and decision makers. It will be demonstrated how to scale your applications, explain the details of Continuous Integration or evaluate different approaches to NoSQL.
Attendees will have the opportunity to meet with speakers, core developers and consultants, and there are often opportunities to evaluate your code. Community and enterprise projects profit from its international reputation and impulses given from the developer community.
ConFoo is one of the most important developer-oriented conferences loaded with PHP content. ConFoo 2013 will be held on February 25 through March 1 in Montreal, Canada.
The team just opened its call for papers. Candidates can submit proposals until September 23. Consult the call for papers page for details and to start submitting. That page also explains what expenses ConFoo can cover for speakers. You can even get advice on how to write proposals.
The call for papers is public, meaning that all proposals get published on the website for others to vote and comment on. This approach allows the organizers to pick subjects that have most interest in the community. The comments are only visible to speakers and organizers to avoid influencing the votes.
To stay in touch via Twitter, follow @confooca and use the #confoo tag. You can also help promote the event with these cool badges for your site.
Organised by developers for developers, PHPNW12 is the perfect opportunity to learn, network and mix with peers and industry leaders, as well as discover the latest tricks, techniques and innovations in PHP and internet development.
Come to Manchester and join in this year's fabulous PHPNW conference. Building on the success of previous years, we have a bigger schedule, more venues, more great content and hopefully more fun than ever! With speakers from across the PHP sphere and its allied technologies, there is something for everyone at this event, and always someone to talk tech to if you want to.
Starting on the Friday with our Tutorial Day which is a fantastic opportunity for individuals and teams of PHP developers to come together for a full day of hands on teaching tailored just for you. Whether you want to know more about Building a Zend Framework 2 Application, Tools of the PHP Trade, Hands on debugging with Xdebug, Test your code like a pro – PHPUnit in practice, Create your own PHP Extension step by step or Scaling Your Team Using HubFlow – A Git Workflow For Git Hub, this will be the experience for which you have been waiting.
The PHP 2012 conference (ZendCon) offers you the chance to learn from a huge variety of technical sessions and in-depth tutorials. International industry experts, renowned thought-leaders and experienced PHP practitioners are on-hand to discuss PHP best practices and explore future technological developments.
This year promises to be the best ZendCon ever! We are planning a fun new exhibit hall, some great parties including a hackathon and, of course, oodles of excellent PHP content!
The PHP development team announces the immediate availability of PHP 5.4.6 and PHP 5.3.16. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.6, or at least 5.3.16.
For source downloads of PHP 5.4.6 and PHP 5.3.16 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes are recorded in the ChangeLog.
This event, in the heart of London's vibrant technical scene, brings together the best minds from open source enterprise software development. The newly-formed Sensio Labs UK is delighted to serve up a UK edition of the wildly successful Symfony Live events, with two days (September 13th & 14th) of excellent technical content for you to enjoy.
Day one is workshop day, we'll spend the day absorbing knowledge from industry leaders in a choice of two in-depth workshops. On workshop day we're also offering the opportunity to take the Symfony Certified Developer Exam - be sure to book your slot if you think you have what it takes!
For the main conference day on Friday we're pulling out all the stops to make this a festival of technology and inspiration that you'll remember. Whether you're new to Symfony, already using Symfony 1, or an experienced developer looking to find out more, this event will have something to make you glad you came along.
The Web Developer Conference (WDC) for web developers from the 17th - 18th of September, 2012 in Hamburg, Germany. The conference is geared towards developers of web applications, content and online managers, agencies and web-masters.
The WDC will be represented by the German trade magazine web & mobile developer. More information about the conference can be found on the conference website.
The PHP development team would like to announce the immediate availability of PHP 5.4.5 and PHP 5.3.15. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation. All users of PHP are encouraged to upgrade to PHP 5.4.5 or PHP 5.3.15.
For source downloads of PHP 5.4.5 and PHP 5.3.15 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes are recorded in the ChangeLog.
The Northeast PHP conference is a two day event coordinated by three PHP user groups in the northeast region: Boston PHP, Atlantic Canada PHP, and Vermont PHP. The entire event is being organized organized by community volunteers and members just like you. We are completely non profit, and open source.
There will be nothing quite like it. With two fun-filled days full of great topics from over 40 experts, it's like three years of Meetups jam packed into two days!
Check out the Northeast PHP website for a listing of the talks and speakers lined up.
The PHP development team would like to announce the immediate availability of PHP 5.4.4 and PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.4.4 or PHP 5.3.14.
The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension
PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI
For source downloads of PHP 5.4.4 and PHP 5.3.14 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes are recorded in the ChangeLog.
The PHP development team would like to announce the immediate availability of PHP 5.4.3 and PHP 5.3.13. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13
The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack.
PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue.
For source downloads of PHP 5.4.3 and PHP 5.3.13 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes are recorded in the ChangeLog.
PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected.
One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like this:
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
Note that this will block otherwise safe requests like ?top-40 so if you
have query parameters that look like that, adjust your regex accordingly.
Another set of releases are planned for Tuesday, May, 8th. These releases will fix the CGI flaw and another CGI-related issue in apache_request_header (5.4 only).
We apologize for the inconvenience created with these releases and the (lack of) communication around them.
There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states:
Some systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed' query. This is identified by a "GET" or "HEAD" HTTP request with a URL search string not containing any unencoded "=" characters.So, requests that do not have a "=" in the query string are treated differently from those who do in some CGI implementations. For PHP this means that a request containing ?-s may dump the PHP source code for the page, but a request that has ?-s&=1 is fine.
A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable.
If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not.
To fix this, update to PHP 5.3.12 or PHP 5.4.2.
We recognize that since CGI is a rather outdated way to run PHP, it may not be feasible to upgrade these sites to a modern version of PHP. An alternative is to configure your web server to not let these types of requests with query strings starting with a "-" and not containing a "=" through. Adding a rule like this should not break any sites. For Apache using mod_rewrite it would look like this:
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]
RewriteRule ^(.*) 1ドル? [L]
If you are writing your own rule, be sure to take the urlencoded ?%2ds version into account.
Making a bad week worse, we had a bug in our bug system that toggled the private flag of a bug report to public on a comment to the bug report causing this issue to go public before we had time to test solutions to the level we would like. Please report any issues via bugs.php.net.
For source downloads of PHP 5.3.12 and PHP 5.4.2 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. A ChangeLog exists.
DevConf 2012 in Moscow, Russia on Jun 9 - Jun 10
DevConf is the ultimate meeting place for russian-speaking web-developers, combining several language-specific conferences under one roof.
This year DevConf will include the following sections:
Each section will feature several talks from the active contributors/authors of the language. Among the invited speakers are Derick Rethans (XDebug creator), David Soria Parra (active PHP contributor), Andrey Aksyonov (author of Sphinx), Alexander Makarov (one of the main contributors to Yii), Sergey Petrunya (of MariaDB fame), Ilya Alekseev (OpenStack Nova contributor) and many others, see more details on the official website.
The PHP development team announces the immediate availability of PHP 5.3.11 and PHP 5.4.1. These releases focuses on improving the stability of the current PHP branches with over 60 bug fixes, some of which are security related.
Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:
Security Enhancement affecting PHP 5.3.11 only:
Key enhancements in these releases include:
For a full list of changes in PHP 5.3.11 and PHP 5.4.1, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
All users of PHP are strongly encouraged to upgrade to PHP 5.3.11 or PHP 5.4.1.
The PHP development team would like to announce the 2nd release candidate of PHP 5.4.1. Windows binaries can be downloaded from the Windows QA site.
THIS IS A RELEASE CANDIDATE - DO NOT USE IT IN PRODUCTION!
This is the 2nd release candidate. The release candidate phase is intended as a period of bug fixing prior to the stable release. The release candidate fixes a critical issue when using the internal classes in multiple threads.
A complete list of changes since the last release candidate can be found in the NEWS file.
Please help us to identify bugs in order to ensure that the release is solid and all things behave as expected by taking the time to test this release candidate against your code base and reporting any problems that you encounter to the QA mailing list and/or the PHP bug tracker.
PHP 5.4.1 final will be released on April 26.
The migration of the PHP source code from Subversion to Git is complete. You can clone or fork the source from our GitHub, and we also now support pull requests made via GitHub, and full instructions on cloning the php-src tree can be found at php.net/git.
One immediate benefit is that future PHP release tags will be signed by the PHP development team. We will be releasing GPG keys for verification purposes in the next few days.
More information on the migration and the new workflow can be found at the Moving to Git FAQ on the PHP Wiki.
Please note that the PHP manual, including translations, continues to be hosted in Subversion for the time being and will be migrated to Git at a later date.
Many thanks to David Soria Parra for his hard work on making the conversion to Git a reality, and to Alexander Moskaliov, Florian Anderiasch and Johannes Schlüter for their work on the scripts required to support the conversion. Let the forking begin!
The PHP development team is proud to announce the immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, which includes a large number of new features and bug fixes.
Some of the key new features include: traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs.
For users upgrading from PHP 5.3 there is a migration guide available here, detailing the changes between those releases and PHP 5.4.0.
Further details about the PHP 5.4.0 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.
Please note that it may take a while until the release is available on all mirrors.
The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix.
Security Fixes in PHP 5.3.10:
All users are strongly encouraged to upgrade to PHP 5.3.10.
For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
ConFoo 2012 in Montreal, Canada on Feb 29 - Mar 02
ConFoo is the unique web conference in Canada gathering different tech communities in one place.
Don't miss this great opportunity and register today! Also check out our two training days around PHP, HTML5, Symfony2 and security topics right before the conference.
The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.
Security Enhancements and Fixes in PHP 5.3.9:
Key enhancements in PHP 5.3.9 include:
For a full list of changes in PHP 5.3.9, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
All users are strongly encouraged to upgrade to PHP 5.3.9.
The PHPBenelux Conference is ready for its third edition and takes place January 27th & 28th in Antwerp (Belgium).
We're very proud to have a great lineup this year and some awesome social events. All information about the conference can be found on our conference website http://conference.phpbenelux.eu/2012.
There are some tickets still available, get them at http://shop.phpbenelux.eu.