On InternetNews today, there's this new article about the release of PHP 4.4.1, fixing some larger problems with the GLOBALS and XSS, but poses the question if PHP5 users are still at risk.

A new patch is out for a prior version of open source scripting language PHP, which addresses a recently-discovered security issue in version 4.

But the current version of PHP 5 (define) may also be at risk from vulnerabilities that aren't currently patched in that version. PHP security group, the Hardened-PHP Project, reported today that PHP 4.x and 5.x were at risk from a number of vulnerabilities that could lead to denial of service attacks (define) against Web sites.

I'm sure that the patch (if one is even needed) for PHP5 users isn't far behind, especially with news like this post from Ilia stating that PHP 5.1.0 is on its last round of release candidates and should be posted soon...