If you are using crypt() in your code you might want to hold off on upgrading to 5.3.7 . I messed up. There will be a 5.3.8 soon.
44 plus ones
Shared publicly•View activity
View 7 previous comments
- Germany's Heise news just published a warning: http://www.heise.de/security/meldung/Finger-weg-von-PHP-5-3-7-1328482.htmlAug 23, 2011
- I'm not all that familiar with PHP Development processes, but don't you guys use some sort of Continuous Integration System that automatically builds runs the unit tests?
We set up Hudson for a rather small project in the third semester with automated tests and all that stuff and the PHP Developers haven't? It's seriously worth the trouble!Aug 23, 2011
- http://gcov.php.netWe do. See
You can see the code coverage, test case failures, Valgrind reports and more for each branch.
The crypt change did trigger a test to fail, we just went a bit too fast with the release and didn't notice the failure. This is mostly because we have too many test failures which is primarily caused by us adding tests for bug reports before actually fixing the bug. I still like the practice of adding test cases for bugs and then working towards making the tests pass, however for some of these non-critical bugs that are taking a while to change we should probably switch them to XFAIL (expected fail) so they don't clutter up the test failure output and thus making it harder to spot new failures like this crypt one.Aug 23, 2011
- Ah, thanks for the clarifiactions! So in this case all that was missing was a list of tests that began failing recently ;)Aug 23, 2011
- Correct, but we shouldn't need that. The plan to address this is to move the persistently failing tests from FAIL to XFAIL and then work through them and either fix/remove those tests or fix the code.Aug 23, 2011
- PHP 5.3.8 Released! http://www.php.net/archive/2011.php#id2011-08-23-1Aug 23, 2011