In his latest posting on his blog, Robert Peake discusses the latest PHP release and how it seems that there are forces at work who are "spinning this release as a knock against PHP".
Since we are now starting to see news reports about the latest release of PHP, and since these reports seem to be spinning this release as a knock against PHP, I thought I'd offer some context. My understanding is that the biggest security problem this release fixes is an infinite loop/buffer overflow problem with getimagesize, wherein a specially crafted user-defined image passed to the getimagesize function could create a DoS or arbitrary code execution problem.
He goes on to discuss the security release and how it labels the above issue as a "high risk" situation (because of the potential for damage to a server/application). However, the security update does seem to leave out the fact that only sites that accept user-provided images are really the ones at risk.
So, narrow the field on that risk and I'd have to agree with Robert here - things are getting a little too out of control on security responses. Though, when it all comes down to it, I'd much rather everyone out there really jump on an issue like this rather than see it, disregard it with an "it'll never happen to me", and then suffer the consequences. That said, I think drama like this does seem a bit excessive...
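Since the exposure discussed above comes down to whether a site hands user-provided images to getimagesize at all, here is what narrowing that field looks like in practice. This is an added example written for this post; it is not code from Robert Peake's blog or from the PHP project. The function name, the size cap and the allowed MIME list are assumptions chosen for illustration, and the example assumes the fileinfo extension is available.

```php
<?php
// Added defensive example (not from the original post or from PHP itself):
// gate user-provided images before they ever reach getimagesize().
// MAX_IMAGE_BYTES and ALLOWED_MIME are assumed limits, not values from the post.

const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumption: 2 MiB upload cap
const ALLOWED_MIME    = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Return basic metadata for an uploaded image, or null if any check fails.
 * Rejecting oversized or mis-typed uploads up front shrinks the set of
 * inputs that a parser bug inside getimagesize() could ever see.
 */
function inspectUploadedImage(array $upload): ?array
{
    // Accept only a genuine upload from this request: refuses arbitrary
    // paths and uploads that PHP already reported as failed.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        return null;
    }

    // Hard size cap before any decoding happens.
    $size = filesize($upload['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_IMAGE_BYTES) {
        return null;
    }

    // Decide the content type from the bytes on disk, never from the
    // client-supplied filename or Content-Type header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($upload['tmp_name']);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        return null;
    }

    // Only now hand the file to getimagesize(); it returns false on failure.
    $info = getimagesize($upload['tmp_name']);
    if ($info === false) {
        return null;
    }

    return [
        'width'  => $info[0],
        'height' => $info[1],
        'mime'   => $info['mime'],
        'bytes'  => $size,
    ];
}

// Usage from an upload handler (the form field name "photo" is an assumption):
// $meta = inspectUploadedImage($_FILES['photo'] ?? []);
// if ($meta === null) { http_response_code(400); exit('Upload rejected'); }
```

The gate reduces how much untrusted input reaches the parser and rules out the easy cases (wrong type, absurd size, not actually an upload), but the bug the release fixes lives inside getimagesize itself, so on an affected version this is a mitigation alongside applying the update, not a substitute for it.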