[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: php 4.3.7 request
> Stardate [040606 21:50]. van Helsing of Borg wrote:
>> From: van Helsing <vh@helith.net>
>> To: Anil Madhavapeddy <anil@recoil.org>
>> Cc: ports@openbsd.org
>> Subject: Re: php 4.3.7 request
>> Organization: Helith Network
>> X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72
>> on informant.helith.net
>> X-Virus-Status: Clean
>>
>> On Sun, 6 Jun 2004 19:23:42 +0100
>> Anil Madhavapeddy <anil@recoil.org> wrote:
>>
>> Thank you for the information. :)
>> But is it a good choice to run -current ports on a -stable OS?
>> I thought 4.3.7 could be declared as 'patch' of the 4.3.5RC3 becourse
>> it's just a patch release with no new feautures and so it could be part
>> of the -stable ports/packages.
> Why? Is there any security or reliability problem with 3.4.5RC3? Only
> security & reliability fixes go to stable.
php.net says:
------------------------
PHP 4.3.7. This is a maintenance release that in addition to several
non-critical bug fixes, addresses an input validation vulnerability in
escapeshellcmd() and escapeshellarg() functions on the Windows platform.
Users of PHP on Windows are encouraged to upgrade to this release as soon
as possible.
All in all this release fixes over 30 bugs that have been discovered and
resolved since the 4.3.6 release. For a full list of changes in PHP 4.3.7,
see the ChangeLog.
------------------------
AFAIK 4.3.6 and 4.3.7 are only bugfix-releases.
Jonathan