The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5, the full list of changes is available in the ChangeLog for PHP 5.Security Enhancements and Fixes in PHP 5.2.5:Fixed dl() to only accept filenames. Reported by Laurent Gaffie.Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus LerdorfFixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5. More info

The PHP documentation team is pleased to announce the initial release of the new build system that generates the PHP Manual. Written in PHP, PhD ([PH]P based [D]ocBook renderer) builds are now available for viewing at docs.php.net. Everyone is encouraged to test and use this system so that bugs will be found and squashed. Once the new build system is stable, expect additional changes to the PHP manual that will include an improved navigation system and styling for OOP documentation. Feel free to set this developmental mirror as your default by using my.php. More info

The PHP documentation team is proud to present to the PHP community a few fixes and tweaks to the PHP Manual, including:an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)manual pages can now contain images (see imagearc() for an example)updated function version information and capture system (fewer "no version information, might be only in CVS" messages)... and more to come!Please help us improve the documentation by submitting bug reports, and adding notes to undocumented functions. More info

Happy 2008! At the risk of being a cad (or just plain annoying and silly)&#8230; Zed Shaw, (ex-?)author of Mongrel, makes this remark in his end of year epiphany Rails is a Ghetto; (15:11:12) DHH: before fastthread we had ~400 restarts/day (15:11:22) DHH: now we have perhaps 10 (15:11:29) Zed S.: oh nice (15:11:33) Zed S.: and that&#8217;s still fastcgi [...]<br style="clear: both;"/> <img alt="" style="border: 0; height:1px; width:1px;" border="0" src="http://www.pheedo.com/img.phdo?i=d0ed98a3903a31af8b0c9fab7c66043e" height="1" width="1"/> <img src="http://www.pheedo.com/feeds/tracker.php?i=d0ed98a3903a31af8b0c9fab7c66043e" style="display: none;" border="0" height="1" width="1" alt=""/> More info

I&#8217;ve been using Emacs as my primary editor for a while now. A lot of people prefer IDE&#8217;s, but I&#8217;ve never been comfortable with them. I kind of like the ability to show a list of classes &#38; functions in a file though. Emacs can use ctags to generate a list of tokens for a [...]<br style="clear: both;"/> <img alt="" style="border: 0;" border="0" src="http://www.pheedo.com/img.phdo?i=1be077ffb19c4b95485c62ebfa181015"/> More info

The PHP development team would like to announce the immediate availability of PHP 5.2.4. This release focuses on improving the stability of the PHP 5.2.X branch with over 120 various bug fixes in addition to resolving several low priority security bugs. All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.4 release can be found in the release announcement for 5.2.4, the full list of changes is available in the ChangeLog for PHP 5. Security Enhancements and Fixes in PHP 5.2.4:Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)Improved fix for MOPB-03-2007.Corrected fix for CVE-2007-2872. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.4. More info

The news on the front page of php.net has changed, the conference announcements are now located on their own page. The idea is to keep php.net specific news clear and also opens the door for additional news entries, like for RC releases. More changes are on the way so keep an eye out. More info

'The release of PDT 1.0 is great news as it will allow the estimated 4.5 million PHP developers to begin using Eclipse-based tools and greatly expand the entire Eclipse community,' said Mike Milinkovich, general director of the Eclipse organization, as The Eclipse Foundation this week announced the availability of the 1.0 release of the Eclipse PHP Development Tools (PDT) project. More info

The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release. Further details about the PHP 5.2.3 release can be found in the release announcement for 5.2.3, the full list of changes is available in the ChangeLog for PHP 5. Security Enhancements and Fixes in PHP 5.2.3:Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.Added mysql_set_charset() to allow runtime altering of connection encoding. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.3. More info

The PHP development team would like to announce the immediate availability of PHP 4.4.6. The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled. Details about the PHP 4.4.6 release can be found in the release announcement for 4.4.6, the full list of changes is available in the ChangeLog for PHP 4. More info