For anyone that missed the security release this week, the main PHP site has some information about the XML-RPC bug that has hit several applications. Unfortunately, this includes the XML_RPC functionality that was included in PHP 4.4.x, so the PHP group have released a patch.
As the improved reference support in PHP 4.4 might show as notices and warnings in your existing applications - in cases where PHP formerly just silently ignored this, often causing memory corruption - we also recommend testing PHP 4.4.0RC2 with your applications. The final release is planned for July 11th. PHP 4.4.0RC2 can be found here.
An easily exploitable security issue was discovered in PEAR XML_RPC <= 1.3.0. We recommend that users of this PEAR class immediately upgrade to the latest version with:

    pear upgrade XML_RPC

The same security problem exists in many other XML RPC implementations; please check if the installed applications that you use might have a similar problem. The new PEAR XML_RPC package is also bundled with the second release candidate of PHP 4.4.0RC2. Besides this new PEAR package there are two minor issues fixed since PHP 4.4.0RC1.
To get the latest release and upgrade your PHP version to be patched against the bug, you can download the latest release here...




