PHP fixes its encryption problem

USERS OF the web scripting language PHP that were warned yesterday not to update the software have now been given the go-ahead by the developers with a replacement upgrade.

Yesterday, thanks to a faulty encryption component that failed to encrypt data, the PHP Group advised, as did security organisation the Sans Institute, that users resist their immediate temptation to update to PHP version 5.3.7, which was released on 18 August, and wait instead for the PHP 5.3.8 update.

Today, and earlier than expected, the group alerted users that it was releasing the PHP 5.3.8 update and had fixed the critical encryption bug as well as one other that could have caused SSL connections to hang.

The earlier release, PHP version 5.3.7, fixed many more issues and included 90 bug fixes and performance enhancements as well as at least six security updates, except of course the obvious one that caused the replacement update.

The group added that the PHP 5.2 series is no longer supported and urged all users to upgrade to PHP 5.3.8. µ