The Last PHP 4

The Last PHP 4The PHP Group has shipped the last and final patch in the PHP 4.4 series.

The open-source group released PHP 4.4.9 with “security enhancements and fixes” and is making a strong plea for all users to upgrade as soon as possible.

“This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release,” the Apache-backed group said.

Security enhancements and fixes in PHP 4.4.9:

  • Updated PCRE to version 7.7.
  • Fixed overflow in memnstr().
  • Fixed crash in imageloadfont when an invalid font is given.
  • Fixed open_basedir handling issue in the curl extension.
  • Fixed mbstring.func_overload set in .htaccess becomes global.

[ SEE: Flaw trifecta kicks off Month of PHP bugs ]

Despite the last-and-final warning, Stefan Esser — of Month of PHP Bugs fame — says the PHP 4.4 series will be around for a very long time.

“There are still millions of servers running PHP 4 that haven’t upgraded to the faster, more stable and more secure PHP 5 and most of them will continue to use it. So PHP 4 will still be around a while,” Esser said in a blog entry announcing plans to continue supporting PHP 4 with his Suhoshin patch.

  • This means the current Suhosin-Patch 0.9.6 will be ported to PHP 4.4.9 and also the next release of Suhosin-Patch will still support recent PHP 4 versions. However at the end of 2008 I will also discontinue Suhosin-Patch for PHP 4 and new features to the Suhosin-Extension will only be implemented for PHP 5.
[Source: zdnet]