MarkL wrote in this morning to tell us (and you) about a pretty serious PHP security flaw discovered just recently.

A serious security flaw has been found in the upload code of PHP in v3.10-v3.18, v4.0.1-v4.1.1. Details of the flaw can be found at http://security.e-matters.de/advisories/012002.html.

PHP 4.1.2 has been released which fixes this (patches available also) at php.net.