PHP 5.3.2 Released

Today, the latest version of PHP 5.3 has been released to the masses. The official announcement can found in the news archive with finer details in the changelog. Key points were outlined in the announcement, partially quoted below.

Security Enhancements and Fixes in PHP 5.3.2:

• Improved LCG entropy. (Rasmus, Samy Kamkar)
• Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
• Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

Key Bug Fixes in PHP 5.3.2 include:

• Added support for SHA-256 and SHA-512 to php’s crypt.
• Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check.
• Fixed bug #51059 (crypt crashes when invalid salt are given).
• Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
• Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
• Fixed bug #50723 (Bug in garbage collector causes crash).
• Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
• Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
• Fixed bug #50540 (Crash while running ldap_next_reference test cases).
• Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
• Over 60 other bug fixes.

Other nice improvements with this version include an (almost) up-to-date PCRE library (PHP 5.3.2 includes PCRE 8.00 with the latest version being 8.01) for regular expressions and a number of nice improvements to the filter extension both of which I use very regularly.

Do you, dear reader, keep up-to-date with PHP 5.3 (or 5.2) or are you stuck with steadily aging versions due to restrictive hosting providers?