The latest release of Perl, Perl 5.18, is now available as a stable release. Among the many changes that have taken place over the twelve months of development and 400,000 changed lines of code, is a major overhaul of how hashing is implemented.

The new hash implementation uses a random seed which will vary the return values from keys() , values() and each() each time a program is run; this change makes Perl's hashes more robust and exposes hash-order dependency bugs. This improvement in security is accompanied by a fix for code injection through translations (CVE-2012-6329) and stopping Perl calling memset with a negative value (CVE-2012-5195), a problem which could become a heap overrun.

Experimental features include lexical subroutines, which give control of scope to the coder when defining a subroutine, and set operations in regular expressions. One feature, the lexical $_ introduced in Perl 5.10, has been made experimental because "it has caused much confusion with no obvious solution".

Another change is related to how these experimental features are used; this means experimental features will emit warnings unless Perl's runtime is told not to warn. New features will emit these warnings as will some older experimental features; a list of experimental features is available. At the other end of the life cycle, the Perl developers have also decided to finally remove support for a number of abandoned platforms; BeOS, UTS Global, VM/ESA, MPE/IX, EPOC and Rhapsody.

Details of these and the many other changes in Perl 5.18 are available in the Perldelta file for 5.18. Perl 5.18 source code is also available and directions for installing or downloading Perl are on perl.org. Also just released is StrawberryPerl 5.18.01, a version of Perl with supporting tools that works on Windows. Perl is licensed under the GPL or the Artistic Licence.

(djwm)