* 스타호스트를 이용하시면서 꼭 참조해야할 공지들 입니다.
글 수 116
![[레벨:101]](http://www.starhost.co.kr/xe/modules/point/icons/default/101.gif "포인트:1153043point, 레벨:101/101"){kind=icon}
안녕하세요.
유무료 서버에 PHP 버전의 최근 안정버전인 PHP-5.2.14 로 업데이트 되었습니다.
기존에 사용하던 PHP-5.2.13 과는 큰 차이가 없으며, 많은 버그수정 및 보안 패치가 된것으로 알려지고 있습니다.
아울러 저희 스타호스트에서 제공하는 제어판의 제작사인 인터웍스 에서 배포중인 PHP-5.2.14 버전으로
업데이트 하여 "Suhosin(수호신)" 이라는 PHP 보안 프로그램을 포함하여 설치 되었습니다.
수호신 이란, 한국에 관심을 많이 가지고 있는 독일인이 제작 하였다고 하며, 이름 그대로 한글로 "수호신" 입니다.
PHP를 위한 진보된 보안 시스템이며,서버와 사용자로 하여금 알려진 또는 알려지지 않은 PHP 어플리케이션 및 PHP 코어의 결함을 보호하기 위해 디자인 되었다. 라고 합니다.
수호신 공식사이트 : http://www.hardened-php.net/suhosin/
저희 서버에서 기본으로 설치되어 운영되고 있는 SuPHP 와 같이 운영되어 PHP 보안이 좀 더 좋아질 것으로 기대하고 있습니다.
혹여 이상현상이 있으시다면 알려주시면 감사하겠습니다.
감사합니다.
Version 5.2.14
22-July-2010- Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe)
- Updated timezone database to version 2010.5. (Derick)
- Upgraded bundled PCRE to version 8.02. (Ilia)
- Rewrote var_export() to use smart_str rather than output buffering, revents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe)
- Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
- Fixed a possible memory corruption in substr_replace() (Dmitry)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia)
- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia)
- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
- Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)
- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes)
- Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry)
- Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52061 (memory_limit above 2G). (Felipe)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class variables). (Dmitry)
- Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre)
- Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL <7.4). (Felipe, wdierkes at 5dollarwhitebox dot org)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). (Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com)
- Fixed bug #51604 (newline in end of header is shown in start of message). (Daniel Egeberg)
- Fixed bug #51562 (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry)
- Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam)
- Fixed bug #51374 (Wrongly initialized object properties). (Etienne)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51263 (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com)
- Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws).
- Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing)
- Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe)
- Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe)
- Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49267 (Linking fails for iconv). (Moriyosh)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia)
- Fixed bug #23229 (syslog() truncates messages). (Adam)