Una nueva version de PHP 5.2.3 fue lanzada hoy. Esta version corrige varias fallas de seguridad:

* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
Ademas incluye las siguientes mejoras:

* Improved compilation of heredocs and interpolated strings.
* Optimized out a couple of per-request syscalls.
* Optimized digest generation in md5() and sha1() functions.

* Fixed bug #41236 (Regression in timeout handling of non-blocking SSL connections during reads and writes)
* Fixed bug #39542 (Behavior of require/include different to < 5.2.0)
* Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler)
* Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
* Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
* Fixed bug #41403 (json_decode cannot decode floats if localeconv decimal_point is not ‘.’)
* Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults)
* Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty string keys).
* Over 40 bug fixes.

Hay una guia de ayuda para los usuarios que necesitan pasar de PHP 5.0 a 5.2: http://www.php.net/migration52