I got an email from the PHP announcement list that version 5.2.6 is released. I have tested it today on Tiger and Leopard and I can tell you everything works as far as I can tell.

Security Enhancements in PHP 5.2.6:

  • Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
  • Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
  • Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
  • Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
  • Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
  • Upgraded bundled PCRE to version 7.6.

For all the changes in 5.2.6 read the ChangeLog.