Bug#751112: release-notes: [jessie] Document changes in PHP 5.4->5.5 upgrade
Package: release-notes
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
this needs to be documented in the release notes:
PHP 5.4->5.5
- All internal case insensitivity handling for class, function and constant
names is done according to ASCII rules. Current locale settings are ignored.
- self, parent & static keywords now are always case-insensitive (see bug
#60833).
- Removed Logo GUIDs: php_logo_guid(), php_egg_logo_guid(),
php_real_logo_guid() and zend_logo_guid()
PHP 5.5->5.6
- Core:
By fixing bug #66015 it is no longer possible to overwrite keys in static scalar
arrays. Quick example to illustrate:
class Test {
const FIRST = 1;
public $array = array(
self::FIRST => 'first',
'second',
'third'
);
}
Test::$array will have as expected three array keys (1, 2, 3) and no longer
two (0, 1). self::FIRST will no longer overwrite 'third' having key 1 then,
but will mark the beginning of indexing.
- JSON:
json_decode() no longer accepts non-lowercase variants of lone JSON true,
false or null values. For example, True or FALSE will now cause json_decode to
return NULL and set an error value you can fetch with json_last_error().
This affects JSON texts consisting solely of true, false or null. Text
containing non-lowercase values inside JSON arrays or objects has never been
accepted.
- OpenSSL:
To prevent man-in-the-middle attacks against encrypted transfers client
streams now verify peer certificates by default. Previous versions
required users to manually enable peer verification. As a result of this
change, existing code using ssl:// or tls:// stream wrappers (e.g.
file_get_contents(), fsockopen(), stream_socket_client()) may no longer
connect successfully without manually disabling peer verification via the
stream context's "verify_peer" setting. Encrypted transfers delegate to
operating system certificate stores by default if not overridden via the
new openssl.cafile and openssl.cafile ini directives or via call-time SSL
context options, so most users should be unaffected by this transparent
security enhancement. (https://wiki.php.net/rfc/tls-peer-verification)
- Mcrypt:
The mcrypt_encrypt(), mcrypt_decrypt() and mcrypt_{MODE}() functions no
longer accept keys or IVs with incorrect sizes. Furthermore an IV is now
required if the used block cipher mode requires it.
Especially the OpenSSL change will hit many users.
Ondrej
- -- System Information:
Debian Release: 7.5
APT prefers stable
APT policy: (900, 'stable'), (800, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJTlv0GAAoJEAyZtw70/LsHnYAP/0LfasRQcpE4X4lIaUS5W4cV
61FgAxNku+xKxsmT+qzKoO90pgPQWPHLUxI8sv9Co2sgMeswDtkspdzLOYa9LFWS
3GMsqXNXQB9sz3A13t4UuLt2Ro6VQQGoNN09FYe9Qg9ngx60IUnoF8yrmUiyDxFD
dim+e4G3Jmhv9OnlJC2A0a07qxr72MMcp2AyiF454Rz0/1JEaMw7UusyD4zbac3M
BCrynd5+YWiY8v4VmbTQcavMwHW8FqEHfUpJ1znDjjyCT53cFi8sm3bcToOqUMqo
RhvWvhXmn0NTb/YhSjmcXSmwLWTBA5llNNS7kIOzBN9DEVqrSUjPXh8CYBpiAFHq
tFdPmZYEDd2RRS7OjStUkixyr5yffHaJe/YXyslFrax7ddqAesWRDpFLPMXcz4Zf
+whrNrg1wF/JIMf3lnkmPsz/WLv5PG5jCUW8OnQDXCulzhP446BRBBH0ggqRczjT
pa0b+1/VPUGfKK5u0sIsxGFtdDuUlHRIaDdEgbPykDeHrigAiGOcroRu03TC7nff
KGqKPUC2McF0AEq2YJQ0vJ1a05pEUxrirLl9jfn95GkdLxr2E81oXgmzVKI8IF7C
DB4BqRsWFvId6xwy1TadZq2/hujArm6I86cKoR/oogDmns2GFpsm+qa912hISnJy
PFYrylrTBC9lBGSRhmMf
=48o+
-----END PGP SIGNATURE-----
Reply to: