I’m pleased to announce that we have released today, not only the latest and greatest Perl 5 version to date, 5.26, but we have updates to 5.24 and 5.22 as well. As with all of our releases, you can find them on our download page.
Now let’s dig into the goodness that 5.26 brings.
5.26 has a full fix for CVE-2016-1238. The headline is the “.” in the module load path (“@INC”) is no longer allowed. There is a chance that this will be a breaking change to some code bases, and fixing the root cause is best, but the Perl team has provided a way to disable this solution by setting the PERL_USE_UNSAFE_INC environment variable to 1. Note this is a temporary solution only as it will be phased out in future releases.
The Perl team has been working hard on performance and 5.26 is no different! Performance changes include improvements in hashing, readline, optimized array and hash assignment, conversion of a single digit string to a number, split, and reference assignment.
This release also includes an update to Perl’s fantastic unicode support with the addition of Unicode 9.0. This is a fairly minor update with some new character sets and 72 new emoji characters.
There are a few other potentially breaking changes in this release, and it is recommended that developers review the items listed in the detailed release pod.
On the 5.24 and 5.22 series, we now have 5.24.2 and 5.22.4 maintenance releases with changes to how the @INC issue was originally handled and a few minor bug fixes.
As always, enjoy the new Perls! Download ActivePerl 5.26, 5.24 and 5.22 here.
Vendor risk management spikes when evaluating the cybersecurity practices of open source authors. Learn how you can better manger their risk.