. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
-?? ??? 2014, PHP 5.4.28
+01 May 2014, PHP 5.4.28
- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
+ . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
+ default configuration) (CVE-2014-0185). (Stas)
- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
/* uninitialized */
wp->socket_uid = -1;
wp->socket_gid = -1;
- wp->socket_mode = 0666;
+ wp->socket_mode = 0660;
if (!c) {
return 0;
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
-; mode is set to 0666
+; mode is set to 0660
;listen.owner = @php_fpm_user@
;listen.group = @php_fpm_group@
-;listen.mode = 0666
+;listen.mode = 0660
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
projects / php / commitdiff