PHP6 suspended
For many days the eyes of the developers were facing the future of PHP 6. Rasmus Lerdorf hand a statement to announce that construction of the version 6 was deadlocked and therefore this branch has been stopped.
The decision of this difficult choice is caused by the integration of Unicode, which shows that this site is harder to implement than forecast.
Of course the contributors in this industry want to leave a little time to find a new trend.
Regarding other developments that would occur with PHP 6 are
- Improvement of Object Oriented Programming
- Improved security and functionality
- Evolution of deposit PECL
- Various improvements
These points are still valid and should be integrated in future versions
Drupal 6.16 and 5.22 released
Drupal 6.16 and 5.22, maintenance releases which fix issues reported through the bug tracking system, as well as security vulnerabilities, are now available for download. Drupal 6.16 also fixes other smaller
Upgrading your existing Drupal 5 and 6 sites is strongly recommended.
Download Drupal 6.16
Download Drupal 5.22
Drupal website
TYPO3 : The Bug Days are back!
The Bug Days went dormant for a couple of months, but they're not dead! Join us on Friday, March 26th.
After a spell of cold sleep, the Bug Days are back. As usual they are planned for every last Friday of each month. The next Bug Day is thus planned for Friday, March 26th.
TYPO3 4.3.2 and 4.2.12 released
The TYPO3 Core Team announces versions 4.3.2 and 4.2.12 of the TYPO3 Enterprise Content Management System.
They are announcing the release of the following TYPO3 updates:
- TYPO3 4.3.2
- TYPO3 4.2.12
All versions are maintenance releases and contain bugfixes and security fixes.
IMPORTANT: These versions include important security fixes to the TYPO3 core. A security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/
Techcrunch.com down !
Here's what you see when you want to go to techcrunch.com this morning...
New jailbreaked iPhone worm !
A new worm is added to the family of malware targeting smartphones from Apple. The International Institute SRI Malware Threat Center has published a study on a new variant of the worm iKee.B (duh) that transforms the jailbreaked iPhone into zombie machines.
Captured on 25 last month, this new variant targets jailbroken iPhones, one operator as its predecessors, a flaw in the SSH service present on all jailbroken iPhones.
IPhones become infected by the result of zombie machines controlled remotely by a server located in Lithuania, to divert their data.
This worm does not seem to worry that Apple keeps repeating that the use of jailbroken iPhones is a security risk
WordPress 2.9.1 Beta 1
Unfortunately, the recent 2.9 release triggered a bug in certain versions of PHP’s curl extension. With these versions of curl, scheduled posts and pingbacks are not processed correctly. To fix this problem as well as a handful of other, lesser issues, we are quickly releasing 2.9.1, the first maintenance release of the 2.9 line. Help us get 2.9.1 ready to go by testing 2.9.1 Beta 1. The easiest way to test Beta 1 is to install the WordPress Beta Tester plugin, elect to get on the point release development track, and then perform an automatic upgrade via the Tools->Upgrade menu. You can also download the Beta 1 package and install manually. Fourteen tickets have been fixed in 2.9.1 Beta 1. Since the curl problem and a couple of other problems are dependent on specific hosting configurations, any and all testing help is greatly appreciated.
Source : wordpress.org
PHP 5.2.12
PHP 5.2.12 is out now. It's really important to update the production servers.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Source : php.net
TYPO3 Security Issues
Security vulnerabilities have been discovered in following third party TYPO3
extensions:
- "Calendar Base" (cal)
- "Direct Mail" (direct_mail)
- "[AN] Search it!" (an_searchit)
- "Simple download-system with counter and categories" (kk_downloader)
- "Automatic Base Tags for RealUrl" (lt_basetag)
- "Trips" (mchtrips)
- "simple Glossar" (simple_glossar)
- "TW Productfinder" (tw_productfinder)
- "DB Integration" (wfqbe)
Go there for cal
Go there for direct_mail
Go there for the rest