Friday, May 04, 2007

PHP 5.2.2 and 4.4.7 Released

"PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately."

Our sysadmin installed 5.2.2 on our test instances earlier today, and we'll be testing (and closely watching for external reports) over the next few days before rolling it into production.

Via Slashdot.
