The PHP development team first released 5.4.2 which had a security fix for CGI string parameters and shortly thereafter the released 5.4.3 which solved some other security problems with buffer overflows. I urge you to update it if you are using older versions on a production platform. I’ve successfully tested it on my servers without a noticeable problem.

• Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
• Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
• Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

To see the complete buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

The PHP development team released 5.4.1, it contains some security updates and I urge you to update it if you were using 5.4.0 on a production platform. I’ve successfully tested it on my servers without a noticeable problem.

• Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
• Add open_basedir checks to readline_write_history and readline_read_history.

To see the complete buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

The PHP development team released 5.4.0, it is the next major milestone in the development of PHP. I’ve successfully tested it on my servers without a noticeable problem. First use this on a development machine, if you can wait for 5.4.1 before putting it on a production machine there might be some nasty bugs in it which haven’t been found.

Some of the key new features include (copied from the PHP website):
traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs.

For users upgrading from PHP 5.3 there is a migration guide available here, detailing the changes between those releases and PHP 5.4.0.

For instructions on how to upgrade your PHP installation please read: Upgrading PHP.

The PHP development team released 5.3.10, it contains a critical security update and I urge you to perform the update. I’ve successfully tested it on my servers without a noticeable problem.

• Fixed arbitrary remote code execution vulnerability reported by
  Stefan Esser, CVE-2012-0830.

To see the buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

The PHP development team released 5.3.9, it is an improvement on the stability and contains some security fixes. I’ve successfully tested it on my servers without a noticeable problem.

Security Enhancements and Fixes in PHP 5.3.9:

• Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
• Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

Key enhancements in PHP 5.3.9 include:

• Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
• Fixed bug #55609 (mysqlnd cannot be built shared)
• Many changes to the FPM SAPI module

To see the buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.