På PHPportalen försöker vi i så hög grad som möjligt engagera våra medlemmar. Därför har du som medlem chansen att vara med och hjälpa till.
Nedan finner du en länk till en sida där du kan lägga till nyheter till vårt nyhetsarkiv. Våra trivsel- och förhållningsregler gäller givetvis även här. Posta inte heller någonting som inte är av allmänt intresse, reklam i alla dess former kommer redigeras bort.
Lägg till nyhet
MySQL 5.0.21 - 2006-05-02 12:08:37
MySQL 5.0.21, a new version of the popular Open Source Database
Management System, has been released. The Community Edition is now
available in source and binary form for a number of platforms from our
download pages at
and mirror sites.
Note that not all mirror sites may be up to date at this point in time -
if you can't find this version on some mirror, please try again later or
choose another download site.
This is a bugfix release for the current production release family.
This MySQL 5.0.21 release includes the patches for recently reported
security vulnerabilites in the MySQL client-server protocol. We would
like to thank Stefano Di Paola for finding
and reporting these to us.
This section documents all changes and bug fixes that have been
applied since the last official MySQL release. If you would like
to receive more fine-grained and personalised update alerts about
fixes that are relevant to the version and features you use,
please consider subscribing to MySQL Network (a commercial MySQL
offering). For more details please see
We welcome and appreciate your feedback!
Functionality added or changed:
* Security enhancement: Added the global max_prepared_stmt_count
system variable to limit the total number of prepared
statements in the server. This limits the potential for
denial-of-service attacks based on causing the server to run
causing the server to run out of memory by preparing huge numbers
of statements. The current number of prepared statements is
available through the 'prepared_stmt_count' status variable.
* NDB Cluster: It is now possible to perform a partial start of
a cluster. That is, it is now possible to bring up the cluster
without running ndbd --initial on all configured data nodes
first. (Bug#18606: http://bugs.mysql.com/18606)
* NDB Cluster: It is now possible to install MySQL with Cluster
support to a non-default location and change the search path
for font description files using either the --basedir or
--character-sets-dir options. (Previously in MySQL 5.0, ndbd
searched only the default path for character sets.)
* In result set metadata, the MYSQL_FIELD.length value for BIT
columns now is reported in number of bits. For example, the
value for a BIT(9) column is 9. (Formerly, the value was
related to number of bytes.)
* The default for the innodb_thread_concurrency system variable
was changed to 8. (Bug#15868: http://bugs.mysql.com/15868)
* Security bugfix: A malicious client, using specially crafted
invalid COM_TABLE_DUMP packets was able to trigger an exploitable
buffer overflow on the server. Thanks to Stefano Di Paola
for finding and reporting this bug.
* Security bugfix: A malicious client, using specially crafted
invalid login or COM_TABLE_DUMP packets was able to read
uninitialized memory, which potentially, though unlikely in MySQL,
could lead to an information disclosure. Thanks to Stefano Di Paola
for finding and reporting this bug.
* NDB Cluster: A simultaneous DROP TABLE and table update
operation utilising a table scan could trigger a node failure.
* Conversion of a number to a CHAR UNICODE string returned an
invalid result. (Bug#18691: http://bugs.mysql.com/18691)
* DELETE and UPDATE statements that used large NOT IN
(value_list) clauses could use large amounts of memory.
* Prevent recursive views caused by using RENAME TABLE on a view
after creating it. (Bug#14308: http://bugs.mysql.com/14308)
* A LOCK TABLES statement that failed could cause MyISAM not to
update table statistics properly, causing a subsequent CHECK
TABLE to report table corruption.
* For a reference to a non-existent stored function in a stored
routine that had a CONTINUE handler, the server continued as
though a useful result had been returned, possibly resulting
in a server crash. (Bug#18787: http://bugs.mysql.com/18787)
* InnoDB did not use a consistent read for CREATE ... SELECT
when innodb_locks_unsafe_for_binlog was set.
* InnoDB could read a delete mark from its system tables
incorrectly. (Bug#19217: http://bugs.mysql.com/19217)
* Corrected a syntax error in mysql-test-run.sh.
* A missing DBUG_RETURN() caused the server to emit a spurious
error message: missing DBUG_RETURN or DBUG_VOID_RETURN macro
in function "open_table".
* DROP DATABASE did not drop stored routines associated with the
database if the database name was longer than 21 characters.
* Avoid trying to include when it doesn't work in
C++ code. (Bug#13621: http://bugs.mysql.com/13621)
* Executing SELECT on a large table that had been compressed
within myisampack could cause a crash.
* NDB Cluster: When attempting to create an index on a BIT or
BLOB column, Error 743: Unsupported character set in table or
index was returned instead of Error 906: Unsupported attribute
type in index.
* Within stored routines, usernames were parsed incorrectly if
they were enclosed within quotes.
* Casting a string to DECIMAL worked, but casting a trimmed
string (using LTRIM() or RTRIM()) resulted in loss of decimal
digits. (Bug#17043: http://bugs.mysql.com/17043)
* NDB Cluster: On slow networks or CPUs, the management client
SHOW command could sometimes erroneously show all data nodes
as being master nodes belonging to nodegroup 0.
* If the second or third argument to BETWEEN was a constant
expression such as '2005-09-01 - INTERVAL 6 MONTH' and the
other two arguments were columns, BETWEEN was evaluated
incorrectly. (Bug#18618: http://bugs.mysql.com/18618)
* If the first argument to BETWEEN was a DATE or TIME column of
a view and the other arguments were constants, BETWEEN did not
perform conversion of the constants to the appropriate
temporary type, resulting in incorrect evaluation.
* Server and clients ignored the --sysconfdir option that was
passed to configure. (Bug#15069: http://bugs.mysql.com/15069)
* NDB Cluster: In a 2-node cluster with a node failure,
restarting the node with a low value for StartPartialTimeout
could cause the cluster to come up partitioned ("split-brain"
issue). (Bug#16447: http://bugs.mysql.com/16447)
A similar issue could occur when the cluster was first started
with a sufficiently low value for this parameter.
* NDB Cluster: On systems with multiple network interfaces, data
nodes would get "stuck" in startup phase 2 if the interface
connecting them to the management server was working on node
startup while the interface interconnecting the data nodes
experienced a temporary outage.
* NDB Cluster: Unused open handlers for tables in which the
metadata had changed were not properly closed. This could
result in stale results from Cluster tables following an ALTER
TABLE. (Bug#13228: http://bugs.mysql.com/13228)
* NDB Cluster: Uninitialised internal variables could lead to
unexpected results. (Bug#11033: http://bugs.mysql.com/11033,
* For InnoDB tables, an expression of the form col_name BETWEEN
col_name2 - INTERVAL x DAY AND col_name2 + INTERVAL x DAY when
used in a join returned incorrect results.
* INSERT DELAYED into a view caused an infinite loop.
* Lettercase in database name qualifiers was not consistently
handled properly in queries when lower_case_table_names was
set to 1. (Bug#15917: http://bugs.mysql.com/15917)
* The optimizer could cause a server crash or use a non-optimal
subset of indexes when evaluating whether to use Index
Merge/Intersection variant of index_merge optimization.
* The presence of multiple equalities in a condition after
reading a constant table could cause the optimizer not to use
an index. This resulted in certain queries being much slower
than in MySQL 4.1. (Bug#16504: http://bugs.mysql.com/16504)
* A recent change caused the mysql client not to display NULL
values correctly and to display numeric columns left-justified
rather than right-justified. The problems have been corrected.
* mysql_reconnect() sent a SET NAMES statement to the server,
even for pre-4.1 servers that do not understand the statement.
* COUNT(*) on a MyISAM table could return different results for
the base table and a view on the base table.
* DELETE with LEFT JOIN for InnoDB tables could crash the server
if innodb_locks_unsafe_for_binlog was enabled.
* InnoDB failure to release an adaptive hash index latch could
cause a server crash if the query cache was enabled.
* For mysql.server, if the basedir option was specified after
datadir in an option file, the setting for datadir was ignored
and assumed to be located under basedir.
* The euro sign () was not stored correctly in columns using
the latin1_german1_ci or latin1_general_ci collation.
* EXTRACT(QUARTER FROM date) returned unexpected results.
* TRUNCATE did not reset the AUTO_INCREMENT counter for MyISAM
tables when issued inside a stored procedure.
Note: This bug did not affect InnoDB tables. Also, TRUNCATE
does not reset the AUTO_INCREMENT counter for NDBCluster
tables regardless of when it is called (see
* The server was always built as though
--with-extra-charsets=complex had been specified.
* A query using WHERE (column_1, column_2) IN ((value_1,
value_2)[, (..., ...), ...]) would return incorrect results.
* Queries of the form SELECT DISTINCT timestamp_column WHERE
date_function(timestamp_col) = constant did not return all
matching rows. (Bug#16710: http://bugs.mysql.com/16710)
* When running a query that contained a GROUP_CONCAT( SELECT
GROUP_CONCAT(...) ), the result was NULL except in the ROLLUP
part of the result, if there was one.
* For tables created in a MySQL 4.1 installation upgraded to
MySQL 5.0 and up, multiple-table updates could update only the
first matching row. (Bug#16281: http://bugs.mysql.com/16281)
* NDB Cluster: When multiple node restarts were attempted
without allowing each restart to complete, the error message
returned was Array index out of bounds rather than Too many
crashed replicas. (Bug#18349: http://bugs.mysql.com/18349)
* CAST (double AS SIGNED INT) for large double values outside the
signed integer range truncates the result to be within range,
but the result sometimes had the wrong sign, and no warning
was generated. (Bug#15098: http://bugs.mysql.com/15098)
* Updating a field value when also requesting a lock with
GET_LOCK() would cause slave servers in a replication
environment to terminate.
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com
Nyheten inskickad av hagman
PHP 5.1.3 - 2006-05-02 12:08:02
The PHP development team is proud to announce the release of PHP 5.1.3. This release combines a few feature enhancements with a significant amount of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible.
The security issues resolved include the following:
Disallow certain characters in session names.
Fixed a buffer overflow inside the wordwrap() function.
Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
Enforce safe_mode for the source parameter of the copy() function.
Fixed cross-site scripting inside the phpinfo() function.
Fixed offset/length parameter validation inside the substr_compare() function.
Fixed a heap corruption inside the session extension.
Fixed a bug that would allow variable to survive unset().
The feature enhancements include the following notables:
The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
FastCGI interface was completely reimplemented.
Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
Support for many additional date formats added to the strtotime() function.
A number of performance improvements added to the engine the core extensions.
Added imap_savebody() that allows message body to be written to a file.
Added lchown() and lchgrp() to change user/group ownership of symlinks.
Upgraded bunbled PCRE library to version 6.6
The release also includes over 120 bug fixes with a focus on:
Make auto_globals_jit work without too many INI changes.
Fixed tiger hash algorithm generating wrong results on big endian platforms.
Fixed a number of errors in the SOAP extension.
Fixed recursion handling in the serialize() functionality.
Make is_*() function account of open_basedir restrictions.
Fixed a number of crashes in the DOM and PDO extensions.
Addressed a number of regressions in the strtotime() extension.
Make memory_limit work in Win32 systems.
Fixed a deadlock in the sqlite extension caused by the sqlite_fetch_column_types() function.
Fixed memory leaks in the realpath() cache.
The full details of the changes in PHP 5.1.3 can be found here:
PHP Development Team
Nyheten inskickad av hagman
Apache HTTP Server 2.2.2 - 2006-05-01 08:13:03
The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 2.2.2 of the Apache HTTP
We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.
Apache HTTP Server 2.2.2 is available for download from:
Apache 2.2 offers numerous enhancements, improvements, and performance
boosts over the 2.0 codebase. For an overview of new features introduced
since 2.0 please see:
Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes.
Apache HTTP Server 1.3.35 and 2.0.58 legacy releases are also available
with minor bugfixes. See the appropriate CHANGES from the url above.
The Apache HTTP Project developers strongly encourages all users to
migrate to Apache 2.2, as only limited maintenance is performed on these
This release includes the Apache Portable Runtime (APR) version 1.2.7
bundled with the tar and zip distributions. The APR libraries libapr,
libaprutil, and (on Win32) libapriconv must all be updated to ensure
binary compatibility and address many known platform bugs.
This release has been through extensive testing, including live at some
of the world's busiest sites, and is now considered stable. This means
that modules and applications developed for Apache 2.2.2 will be both
source- and binary-compatible with future 2.2.x releases. This release
builds on and extends the Apache 2.0 API. Modules written for Apache 2.0
will need to be recompiled in order to run with Apache 2.2, but no
substantial reworking should be necessary.
When upgrading or installing this version of Apache, please bear in mind
that if you intend to use Apache with one of the threaded MPMs, you must
ensure that any modules you will be using (and the libraries they depend
on) are thread-safe.
Nyheten inskickad av hagman
phpBB 2.0.20 released - 2006-04-08 09:18:02
Ja då var det dags för release av det utmärkta forum systemet phpBB 2.0.20
Här nedan är en kort sammanfattning om ändringar i denna version:
För att läsa allt gå till denna länk:
| The changelog (contained within this release) is as follows:|
* [Fix] Prevent login attempts from incrementing for inactive users
* [Fix] Do not check maximum login attempts on re-authentication to the admin panel - tomknight
* [Fix] Regenerate session keys on password change
* [Fix] retrieving category rows in index.php (Bug #90)
* [Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)
* [Fix] Better handling of short usernames within the search (bug #105)
* [Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)
* [Fix] Apply word censors to the message when quoting it (Bug #405)
* [Fix] Improved performance of query in admin_groups (Bug #753)
* [Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
* [Fix] Correct use of default_style config value (Bug #861)
* [Fix] Replace unneeded unset calls in admin_db_utilities.php - vanderaj
* [Fix] Improved error handling in modcp.php
* [Fix] Improved handling of forums to which the user does not have any explicit permissions - vanderaj
* [Fix] Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
* [Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
* [Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
* [Fix] Escape group names in admin_groups.php
* [Sec] Replace strip_tags with htmlspecialchars in private message subject
* [Sec] Some changes to HTML handling if enabled
* [Sec] Escape any special characters in reverse dns - Anthrax101
* [Sec] Typecast poll id values - Anthrax101
* [Sec] Added configurable search flood control to reduce the effect of DoS style attacks
* [Sec] Changed the way we create "random" values for use as keys - chinchilla/Anthrax101
* [Sec] Enabled Visual Confirmation by default
* [Change] Changed handling of the case where a selected style doesn't exist in the database
* [Change] Changed handling of topic pruning to improve performance
* [Change] Changed default forum permissions to only allow registered users to post in new forums
Nyheten inskickad av BlueEyes