The 2nd release candidate for PHP 5.2.1 is now available for download. The tarballs can be found here:

http://downloads.php.net/ilia/php-5.2.1RC2.tar.bz2 (cc6024531e3d4058e32cf740e2fe535f)
http://downloads.php.net/ilia/php-5.2.1RC2.tar.gz (3f89c31687762a39f1360b380dd315b4)

Since the last release, over 30 different bug fixes were made, and the two pending patches relating to is_numeric_string() optimization and internal heap protection for the Zend Engine allocator were added. Another important change is that the memory limit is now always enabled; to accommodate this change, the default limit value was raised to 128 megabytes to avoid script breakage. We do not anticipate any regressions to be introduced by this RC, but I would still like to ask everyone to take a few minutes and test it against their code base. If you come across any issues, report them via http://bugs.php.net/ or reply to this blog post.

The first release candidate of PHP 5.2.1, scheduled for late January, is now available for download. The tarballs can be found here:

php-5.2.1RC1.tar.bz2 (md5sum: cc6024531e3d4058e32cf740e2fe535f)
php-5.2.1RC1.tar.gz (md5sum: bafcdff32bcaa564f65293c1c42d117e)

For win32 users, binaries are available courtesy of Edin:

php-5.2.1RC1-Win32.zip (md5sum: 00d6833308931fa58581574b8d364e12)
php-debug-pack-5.2.1RC1-Win32.zip (md5sum: ac86975945193455658d85921d835e60)

This release is primarily aimed at improving the stability of the language and finalizing the features introduced in 5.2.0. There are over 70 different bug fixes, a great deal of performance improvements for Windows users, corrections to the memory manager and improvements to the filter functionality. I'd like to ask everyone to try this release out and let us know if you come across any issues and/or regressions.

One of the common problems faced by web hosting companies offering PHP is the abuse of the mail() function to send spam. This problem has become further exacerbated lately due to the use of automated tools that seek sites vulnerable to PHP code execution and use the security hole to inject mailer code that then proceeds to send tons of spam. This of course causes serious problems for a web host, such as increased server load, the possibility of getting blacklisted and thus having all mail generated by the server rejected, and even problems with an up-stream provider. One of the problems with solving the mail() abuse is figuring out who is doing it or perhaps what script was exploited to do it, since the mail() function does not offer any logging mechanism. The uid identifier is generally useless because when PHP is run as an Apache module all scripts share the web server's uid, which is yet another reason to use FastCGI. To address this problem one of my clients had asked me to write a mail() logging and tracking fac...

It looks like my first two conferences for 2007 are finalized. Things will start in March with the annual PHP Quebec conference, where I'll be giving a tutorial on Securing PHP Applications and a session on Migration to PHP 5.2. The conference has an excellent selection of speakers, which includes Rasmus, Derick, Andrei, Marcus and many others, and a slew of interesting topics. I'd definitely recommend attending it, especially to Canadians, for whom this is probably going to be the closest conference this year. The next conference, PHP|Tek, is about two months later in Chicago, organized by PHP|Architect, who are trying a new city every year :-). I have a fairly full agenda, courtesy of Sean, with two tutorials and a session, so I fully expect to lose my voice after the first day. The tutorials will be on High Performance PHP & Securing PHP Applications and will be followed by a quick session on PHP Security Pitfalls two days later. A lot of great speakers during this conference as well, with Sa...

Damien has published the November stats for PHP usage and the year-to-date summary, and a few interesting trends emerge. It would seem that despite a 300% growth (from 12%) in PHP 5.X usage in 2006, it still only commands about 12% of the entire PHP user base. The majority of people still use PHP 4 and when it comes to upgrading (as you can see from a drop in