Hello, okay, mistakes happen everyday but it really sucks that PHP.net continues trying to hide mistakes.
1) PHP 5.1.4 was released with a nonsense announcement claiming that there was only a problem with POST arrays or POST fileuploads. -> In reality a paid Zend developer had destroyed the handling of arrays in any kind of user input in PHP 5.1.3 completely. Ironically after that incident another Zend man came forward and dares to say "I don't trust our core testers anymore" 2) PHP 5.1.4 was lacking the PEAR installer which resulted in make install downloading the file from the web. a) this part should be removed from the make file completlely because 'make install' is usually executed as root and under no circumstances should download a file from an insecure HTTP source. b) this fact was again hidden by silently replacing the PHP 5.1.4 tarball with a new one, after the other one was out for more than a week. PHP.net is more and more turning into Microsoft (more than 3 months to resolve critical security problems). I guess that comes with the involvement of Enterprise companies. Yours, Stefan Esser -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php