PHP 5.3.9 release was mostly meant to fix a security bug, but it introduced a new more serious bug. PHP 5.3.10 was just released to fix this issue. [...] This time it is a bug that allows arbitrary remote code execution. This means that it allows to run arbitrary code on the server, injected by an eventual attacker, so it can be used to cause many types of damage inside a server.

The upgrade to PHP 5.3.10 is highly recommended to prevent this issue from effecting your applications. The post also mentions the dropping of Suhosin support (a security plugin for PHP) on the Debian linux distribution's default installation and how the PHP community has reacted to the decision.

The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix. [...] Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

It is highly recommended that users upgrade to this latest version to avoid falling victim to this recently introduced bug relating to the new "max_input_vars" setting added to protect from the overflow issue recently brought up in the PHP community.

PHP 5.4.0 is planned to be released on February, 2 2012. By the time you are reading this, it may already been out. It is a result of many months of development. Many features were proposed for this release. Some made into this version, others did not make it at least for now. So, now you may be wondering which interesting features really made it. Let me tell you more about some of the more interesting features present in this release.

The article mentions some of the usual major features that can be found in just about every "in PHP 5.4" list - traits, the built-in web server, binary notation for integers - but it also includes some of the features that didn't make the cut this time (like annotations and the inclusion of the APC caching extension). Also included are questions to ask to see if the upgrade is for you like:

• Do you need the new features?
• Do you need the updates now?
• Try it and test it in dev first - does it meet your needs or cause other bugs?

The planned release for PHP 5.4 is during the first week of February (2012). Additionally, if you'd like to give the PHP development group some help testing out the latest Release Candidate, you can find instructions here.

One set of changes that I think is particularly important was largely overlooked: For PHP 5.4 cataphract (Artefacto on StackOverflow) heroically rewrote large parts of htmlspecialchars thus fixing various quirks and adding some really nice new features. Here a quick summary of the most important changes: UTF-8 as the default charset, improved error handling (ENT_SUBSTITUTE) and Doctype handling (ENT_HTML401,...).

He goes into each of these three main features in a bit more detail, providing code to illustrate the improved error handling and the new flags for Doctype handling (covering HTML 4.01, HTML 5, XML 1 and XHTML).

The PHP development team announces the 6th release candidate of PHP 5.4. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviours. Windows binaries can be downloaded from the Windows QA site. [...] The 6th release candidate focused on improving traits. Please test them carefully and help us to identify bugs in order to ensure that the release is solid and all things behave as expected.

You can download this latest release from the PHP QA site (Windows binaries) and test it on your local instance/applications. Any and all feedback about issues should be reported to either the QA mailing list or on the bug tracker. A complete list of updates is available in the NEWS file.

The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.

Bugfixes and updates in this release include the max_input_vars directive, an autoloading issue with is_a and changes to the FPM SAPI module. You can see the full list of changes here or just go over and download this latest release and get to installing - source, Windows binaries.

The PHP development team announces the 5th release candidate of PHP 5.4. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviours. Windows binaries can be downloaded from the Windows QA site.

Bugs fixed in this version include a few to the Core, SAPI/CLI SAPI, PHP-FPM support and improvements to the session extension. Download and test out this latest version on your systems - the more feedback they receive the better! You can report issues you might find on the PHP bug tracker.

When I initially announced the Aura project, it was targeted at PHP 5.3. With a stable release of PHP 5.4 impending, we have moved the target to PHP 5.4. In addition, we have made 1.0.0-beta1 releases of almost all the component packages. (See an earlier announcement from Hari KT.)

The components include: a dependency injection container, an autoloader and a view system that are all self-contained with no other dependencies. You can find the complete code for these containers (and one for combining them all into a single system) on the project's github page.

The PHP development team is proud to announce the 4th release candidate of PHP 5.4. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviours. Windows binaries can be downloaded from the Windows QA site. THIS IS A RELEASE CANDIDATE - DO NOT USE IT IN PRODUCTION! This is the 4th release candidate. The release candidate phase is intended as a period of bug fixing prior to the stable release. No new features should be included before the final version of PHP 5.4.0.

Updates in this release candidate include an update to the max_input_vars directive and a fix for a segfault in the traits code. You can find the full notes for the release in the NEWS file and can download the latest from the PHP.net site - source downloads, Windows binaries.

The PHP development team is proud to announce the third release candidate of PHP 5.4. PHP 5.4 includes new language features and removes several legacy (deprecated) behaviours. Windows binaries can be downloaded from the Windows QA site. THIS IS A RELEASE CANDIDATE - DO NOT USE IT IN PRODUCTION!. This is the third release candidate. The release candidate phase is intended as a period of bug fixing prior to the stable release. No new features should be included before the final version of PHP 5.4.0.

Major changes include the introduction of UTS #46 mapping support in the intl extension and the inclusion of SERVER_NAME and SERVER_PORT into the $_SERVER superglobal for CLI. You can find more changes listed in the NEWS file and can download the latest from the PHP.net site (or your favorite mirror): source, Windows binaries.