Sorry, I missed this completely. The PHP announcement mailing list isn’t as reliable as I would like to have seen.

The PHP team released 5.2.13 on the 25th of feb 2010 as a security release. Some of the bigger items where:

  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /).
  • Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak.
  • Improved LCG entropy.

Read everything on this release in the 5.2.13 Release notes. I’ve tested it on one of my test machines without any issues.

The other release was 5.3.2 on the 4th of march 2010 as a regular maintenance release. It includes the fixes from 5.2.13 as described above. Read the 5.3.2 Release notes for everything that is covered in this release. Again tested this on one of my test machines without any problem.

For instructions on how to upgrade your PHP installation please read: Upgrading PHP.