PHP 5.2.1 was released last week:
http://www.php.net/releases/5_2_1.php
The release notes are rather poor if you wish to determine what the actual impact of the security fixes are. The thing that scares me the most is this comment from Stefan Esser's blog
http://blog.php-security.org/archives/71-Month-of-PHP-Bugs-and-PHP-5.2.1.html
Today PHP 5.2.1 was released which fixes some (but not all) of the bugs I will cover in the "Month of PHP bugs". Actually the release announcement already gives a list of bugs that were fixed. As usual the release announcement gives too little information about the bugs, does describe several bugs wrongly, forgets some security bugs that were fixed, downplays the seriousness of the bugs and does not give a single line of credit.
Stefan also plans on conducting a "Month of PHP bugs" type project. I'm rather worried that this will place a great many users at risk and not solve the fundamental issue of PHP upstream not taking security seriously. No matter what happens, Red Hat will take this in stride and do whatever it takes to keep our users as secure as possible.
Security Updates
