Release Notes: This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible. The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module.
Release Notes: This release addresses a crash problem with the session extension when register_globals is turned on that was introduced in PHP 4.4.5. This release also comes with the new version 7.0 of PCRE and it addresses a number of minor bugs.
Release Notes: A new memory manager for the Zend Engine. An input filtering extension. A JSON extension. A ZIP extension. Hooks for tracking file upload progress. An E_RECOVERABLE_ERROR error mode. DateTime and DateTimeZone objects. The bundled SQLite and PCRE libraries have been upgraded. OpenSSL, MySQL, and PostgreSQL client libraries have been upgraded for Windows installations. There are many performance improvements and over 200 bugfixes.
Release Notes: This release fixes memory_limit on 64bit systems and access to "php://stdin" and family crashes on win32.
Release Notes: Prevents header injection by limiting each header to a single line. Fixes possible XSS inside error reporting functionality. Fixes missing safe_mode/open_basedir checks in the cURL extension. Fixes Apache 2 regression with sub-request handling on non-Linux systems. key() and current() regressions related to references have been fixed. This release also fixes about 30 other defects.
Release Notes: A critical bug with $_POST array handling as well as the FastCGI SAPI has been fixed in PHP 5.1.3.
Release Notes: This is a regression correction release aimed at addressing several issues introduced by PHP 5.1.0. The native date class is withdrawn to prevent namespace conflict with PEAR's date package. A fatal parse error when the last line of the script is a PHP comment has been fixed. eval() no longer hangs when the code being evaluated ends with a comment. An inconsistency in the format of PHP_AUTH_DIGEST between Apache 1 and 2 SAPIs has been fixed. safe_mode/open_basedir checks inside the cURL extension are improved.
Release Notes: This version is a maintenance release that contains numerous bugfixes, including a number of security fixes related to the overwriting of the GLOBALS array. All users of PHP 4.3 and 4.4 are encouraged to upgrade to this version.