Posted by & filed under PHP.

On April 16th 2015, the PHP group released PHP 5.4.40.

14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.7
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.6.6
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.7
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.2.0
  • xdebug 2.3.2
  • xhprof 0.9.4
  • zendopcache 7.0.5

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

5 Responses to “PHP 5.4.40, for Wheezy and Squeeze”

  1. jools

    When you update php, please can you leave around old versions. including things like zendopcache – I have just seen a new problem that might be related, but am unable to downgrade the packages to test as they have been removed from your repository.

  2. Jools

    And it is in the documentation – my sincere apologies! Thanks for the info 🙂

  3. Daniele

    Just a question. I changed session.save_path for cli in php.ini, but it don’t seem to be considered (ini_get). Could it be hardcoded somewhere to: ‘/var/lib/php/session’?

  4. Guillaume Plessis

    @Daniele : no, there is no such thing, you can still overwrite the configuration directive in INI/Apache/.htaccess files.