Update to PHP includes key security bug fixes

AN UPDATED VERSION of PHP, the free HTML-embedded scripting language used by developers to write webpages, is available.

PHP version 5.3.6 includes over 60 bug fixes, most of them focused on improving stability, but some security related. The security issues it fixes include a format-string vulnerability in Phar, an integer overflow in shmop_read, a buffer overrun with high values for precision ini setting, and a crash on crafted tag in exif.

Key enhancements include an upgrade of bundled SQlite 3 to version 3.7.4, an upgrade of bundled PCRE to version 8.11, the added ability to connect to HTTPS sites through a proxy with basic authentication, and added options to debug backtrace functions.

The development team warned PHP users that the PHP 5.2 series isn't supported anymore, and that all users are strongly encouraged to upgrade to this latest update. You can take a look at the full list of PHP 5.3.6 changes here, while the source code for PHP 5.3.6 can be downloaded for free from the PHP development team website.

PHP can be deployed on most web servers and is already installed on millions of servers and websites. Created around 15 years ago, it is free software that is especially suited for web development. A major new version of PHP had been proposed, but last year the PHP 6 trunk was moved to a branch. µ