The PHP development team has released the latest version in the PHP 5.2.x series today - version 5.2.6:

This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release. Further details about the PHP 5.2.6 release can be found in the release announcement for 5.2.6, the full list of changes is available in the ChangeLog for PHP 5.

Security updates include prevention of a buffer overflow in FastCGI mode, an integer overflow in printf, correction for a safe_mode bypass method in cURL and the bundling of PCRE 7.6 to update the regular expression functionality of the language.

You can grab this latest release from the downloads page on PHP.net (or your favorite mirror) - both the source and the Windows binaries.

Antony Dovgal points out that Derick Rethans has added the snapshots for PHP 5.3 to the snaps.php.net website.

Short list of what you can find there: Namespaces, __callstatic() magic method, accessing static members through $foo::myFunc(), fully rewritten ini-parser with .htaccess-like user defined ini files for CGI/FastCGI, improved OpenSSL extension, PCRE 7.4, and other fixes and improvements that will never get into 5_2 branch.

He recommends teching throughly before the major release to find all of the bug before the general public does. Builds for both source and Windows systems have been posted.

Ed Finkler has pointed out a handy resource for those trying to cope with using the UTF-8 support included in several of PHP's functions - this page on the Web Application Component Toolkit wiki.

This page is intended as a reference for functionality PHP provides which can either help with handling UTF-8 or should be regarded as a risk when used in conjunction with UTF-8 encoded strings. Further information can be found on the Internationalization (I18N) and Character Sets / Character Encoding Issues pages.

It talks about the "dangerous" functionality PHP has (issues that the language has in current functions) when using things like the PCRE extension, the string extension, the array methods, handling variables, the XML extensions (DOM and SAX), image manipulation, and URL parsing functionality.