This was a great security fix, solving an issue with insecure passwords due to incorrect behavior. HOWEVER, what wasn't made clear, is that this change was actually a backwards compatibility break. If you upgraded to 5.3.7+ data hashed pre-5.3.7 would no longer match data hashed post-5.3.7; this means if you use it for passwords, it will no longer match. So what's the deal here?

He talks about the differences in the two methods of encryption, the newer being the "more correct" way of doing things. If you need the backwards compatibility because of previously hashed values, you can use the "$2x$" prefix instead of the usual "$2a$". He includes a snippet of code that can be used to upgrade all of your previously hashed blowfish passwords up to the new format.

It's incredibly rare for the Internals crew to ever consider breaking backwards compatibility, but some of the most important changes in PHP 5.4 do just that by removing old "features." None of these changes should impact modern PHP code. If somehow you get bitten by any of these changes, chances are that your code dates from the PHP 4 era.

Included in his list of updates/removals/improvements are things like the full removal of safe_mode, dropping register_globals, pulling out call time pass by reference and the removal of the session registration methods.