The PHP development team would like to announce the immediateavailability of PHP 5.2.7. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.7:

• Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
• Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
• Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
• Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
• Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
• Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
• Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
• Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)

Further details about the PHP 5.2.7 release can be found in the release announcement for 5.2.7, the full list of changes is available in the ChangeLog for PHP 5.

The PHP development team is proud to announce the third alpha release of the upcoming PHP 5.3.0 minor version update of PHP. Several new features have already been documented in the official documentation, others are listed on the wiki in preparation of getting documented. It is imperative that more people join the effort to complete the documentation for PHP 5.3.0. Please also review the NEWS file.

The purpose of this alpha release is to encourage users to not only actively participate in identifying bugs, but also in ensuring that all new features or necessary backwards compatibility breaks are noted in the documentation. Please report any findings to the QA mailinglist or the bug tracker.

There have been a great number of other additions and improvements since the last alpha, but here is a short overview of the most important changes:

• Namespaces (documentation has been updated to the current state)
• Rounding behavior
• ext/msql has been removed, while ext/ereg will now raise E_DEPRECATED notices
• ext/mhash has been replaced by ext/hash but full BC is maintained
• PHP now uses cc as the default compiler, instead of gcc
• A number of bug fixes to ext/pdo, ext/soap, the stream layer among others

Several under the hood changes also require in depth testing with existing applications to ensure that any backwards compatibility breaks are minimized.

The current release plan expects a stable release sometime around the end of Q1 2009.

December is a busy and exciting time of the year. PHP Advent is an attempt to capture and share doses of wisdom from a few of the people in the PHP community who have been kind enough to share their thoughts and tips. Please join us on our daily journey by subscribing to our feed or following us on Twitter. Happy holidays.

The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release.

Security Enhancements and Fixes in PHP 4.4.9:

• Updated PCRE to version 7.7.
• Fixed overflow in memnstr().
• Fixed crash in imageloadfont when an invalid font is given.
• Fixed open_basedir handling issue in the curl extension.
• Fixed mbstring.func_overload set in .htaccess becomes global.

For a full list of changes in PHP 4.4.9, see the ChangeLog.

The PHP development team is proud to announce the first alpha release of the upcoming minor version update of PHP. Windows binaries will be available starting with alpha2 (intermediate snapshots available at snaps.php.net). The new version PHP 5.3 is expected to improve stability and performance as well as add new language syntax and extensions. Several new features have already been documented in the official documentation, others are listed on the wiki in preparation of getting documented. Please also review the NEWS file.

The purpose of this alpha release is to encourage users to not only actively participate in identifying bugs, but also in ensuring that all new features or necessary backwards compatibility breaks are noted in the documentation. Please report any findings to the QA mailinglist or the bug tracker.

There have been a great number of other additions and improvements, but here is a short overview of the most important changes:

• Namespaces (documentation maybe out dated)
• Late static binding and __callStatic
• Lambda functions and closures
• Addition of the intl, phar (phar is scheduled for some more work a head of alpha2), fileinfo and sqlite3 extensions
• Optional cyclic garbage collection
• Optional support for the MySQLnd replacement driver for libmysql
• Windows older than Windows 2000 (Windows 98, NT4, etc.) are not supported anymore (details)
• New syntax features like NOWDOC, limited GOTO, ternary short cut "?:"

Several under the hood changes also require in depth testing with existing applications to ensure that any backwards compatibility breaks are minimized. This is especially important for users that require the undocumented Zend engine multibyte support.

The current release plan states that there will be alpha/beta/RC releases in 2-3 week intervals with an expected stable release of PHP 5.3 between mid September and mid October of 2008.