A little less than a month has passed and we have a new PHP 5 release, 5.2.3, that can be downloaded here. As with the prior patch-level releases in the 5.2 branch, the work continued on improving stability (over 40 bug fixes) and security, with 6 additional security fixes and improvements added. Also, this version contains a few optimizations that hopefully will make this the fastest 5.2 release yet, with improvements in string processing, md5()/sha1() generation and a few fewer syscalls per request.
The official release announcement can be found here and the nitty gritty details can be seen in the ChangeLog.
I am also happy to say that two regressions introduced by prior releases were addressed, relating to timeouts on non-blocking SSL connections as well as the lack of HTTP_RAW_POST_DATA under certain conditions.
Thanks to the surprisingly well-working wifi at the moment, the slides from the PHP Security Pitfalls are now available and can be downloaded here.
I hope everyone who was present at the talk found something interesting that will help them improve the security of their code.
The two tutorials at php|tek went rather well; I am still surprised my voice held up for 6 hours of talking. The slides in PDF form can be found below:
Securing PHP Applications
PHP & Performance
PHP 5.2.2 is finally out and can be downloaded at the following URL:
http://www.php.net/downloads.php#v5
The release fixes over 120 different bugs in PHP and resolves the majority of MOPB issues identified by Stefan Esser as well as some security bugs that were identified by other security researchers as well as PHP's own developers. You can find out the full details of the changes made via the release announcement as well as the line-by-line changelog.
I recommend that all users consider upgrading to this release regardless of the version that they are currently running. However, if you must stay on PHP 4, Derick has released PHP 4.4.7 today as well, which contains relevant security fixes.