A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :
The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.2:
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
It is now available on Dotdeb (still on a separate repository) with the following changes :
- id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there”s an easy way to package PECL extensions by yourself
- the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
- php5-fpm is now an alternative dependency og the php5 meta-package
As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.
[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.