PHP 5.1.2. Release Announcement

The PHP development team is proud to announce the release of PHP 5.1.2. This release combines small feature enhancements with a fair number of bug fixes and addresses three security issues. All PHP 5 users are encouraged to upgrade to this release.

The security issues resolved include the following:

• HTTP Response Splitting has been addressed in ext/session and in the header() function. Header() can no longer be used to send multiple response headers in a single call.
• Format string vulnerability in ext/mysqli.
• Possible cross-site scripting problems in certain error conditions.

The feature enhancements include the following notables:

• Hash extension was added to core and is now enabled by default. This extension provides support for most common hashing algorithms without reliance on 3rd party libraries.
• XMLWriter was added and enabled by default.
• New OCI8 extension that includes numerous fixes.
• PNG compression support added to the GD extension.
• Added --enable-gcov configure option to enable C-level code coverage.
• getNamespaces() and getDocNamespaces() methods added to SimpleXML extension.

The release also includes over 85 bug fixes with a focus on:

• Correction of the many regressions in the strtotime() function.
• Fixes of several crashes, leaks and memory corruptions found in the imap, pdo, gd, mysqli, mcrypt and soap extensions.
• Corrected problems with the usage of SSI and virtual() in the Apache2 SAPI.
• Build fixes for iconv and sybase_ct extensions.
• Fixed the previously broken Sun(rise|set) functions.
• SQLite libraries upgraded to 2.8.17 and 3.2.8
• Win32 binaries now include libxml2-2.6.22 and libxslt-1.1.15.

For a full list of changes in PHP 5.1.2, see the ChangeLog.