I test extensively with embedding (compiling to C) across all versions and most OS for a commercial environment on the net.

5.6.2 with hardened hashes is the best, memory efficient and speed wise. I know of no leaks. I posted my hash patch to p5p some year ago.

The 2nd best is 5.14.4 but it has the mandatory unicode and warnings/Carp overhead. regex cannot exhaust the stack since 5.10 but anything between 5.10.0 and 5.14.4 is not recommended.
I don't have the hash patch for 5.8 which would be needed for 5.8.2 - 5.8.9 (5.8.1 is fine, but then 5.6.2 is better)

I would also strongly recommend against 5.16 or 5.18 for security and maturity reasons, and 5.16 is very half-baked in handling binary names. 5.18.2 still not good enough to be trusted in the wild and hashes are slower.

5.20.0 is a bit better. It tests now at least against rogue syscalls, but still not against binary names, unicode is taking too much time and memory and random hash seeds got more secure but slower.

I wouldn't trust perlpolicy too much as p5p doesn't even understand the simpliest security concepts needed in the commercial environment and does nothing against them. They usually need to year to get it. And they are not too familiar with the code they are supporting. Their release schedule is fixed, so you cannot trust numbers, you can only trust stability, which needs a few major versions.

So:

  1. 5.14.4
  2. 5.6.2
  3. 5.20.0
perlbrew and perlall apply the needed patches to build, perlall also has some more patches to help embedding with --allpatches. --patches=Asan against buffer overflows and --patches=Compiler to help perlcc for better embedding code.

In reply to Re: Best min. version of perl for use with C embedding? by rurban
in thread Best min. version of perl for use with C embedding? by falinf

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.