PHP 5.3.2 Released!

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

Improved LCG entropy. (Rasmus, Samy Kamkar) Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

Key Bug Fixes in PHP 5.3.2 include:

Added support for SHA-256 and SHA-512 to php's crypt. Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. Fixed bug #51059 (crypt crashes when invalid salt are given). Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). Fixed bug #50723 (Bug in garbage collector causes crash). Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). Fixed bug #50540 (Crash while running ldap_next_reference test cases). Fixed bug #49851 (http wrapper breaks on 1024 char long headers). Over 60 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

Further information and downloads:

For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.