The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: Improved LCG entropy. (Rasmus, Samy Kamkar) Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia) Key Bug Fixes in PHP 5.3.2 include: Added support for SHA-256 and SHA-512 to php's crypt. Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. Fixed bug #51059 (crypt crashes when invalid salt are given). Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). Fixed bug #50723 (Bug in garbage collector causes crash). Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). Fixed bug #50540 (Crash while running ldap_next_reference test cases). Fixed bug #49851 (http wrapper breaks on 1024 char long headers). Over 60 other bug fixes. For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3. Further information and downloads: For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.13: Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia) Improved LCG entropy. (Rasmus, Samy Kamkar) Further details about the PHP 5.2.13 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

The Dutch PHP Conference is now in its 4th year and yet again promises a varied and inspiring few days of excellent technical content including Sebastian Bergmann, Kevlin Henney, Chris Shiflett, Ilia Alshanetsky and many other fascinating speakers and topics. The event is held in Amsterdam from 10th to 12th June 2010, for more information see the website at http://phpconference.nl - we hope you can join us in Amsterdam in June!

PHP Quebec and the ConFoo team is pleased to announce the schedule of the ConFoo Web Techno Conference. With over 130 presentations in 8 rooms, ConFoo brings you the best of Web development. The event will take place on March 8th to 12th in Montreal, at the prestigious Hilton Bonaventure Hotel. Over 100 specialists will be present at the conference to share their knowledge during talks and training. Among them will be: Rasmus Lerdorf, Terry Chay, Chris Shiflett and Morgan Tocker You would not want to miss the following presentations: HTML5: Where Are We Now? (Mark Pilgrim), Andrei's Regex Clinic (Andrei Zmievski), Security-Centered Design (Chris Shiflett) and Welcome to the Wild Wild Web (Carl Mercier) Register online before January 22nd and save 200$! Looking forward to see you at the conference.

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Further details about the PHP 5.2.12 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

Pivot was recently approved for graduation from the Apache Incubator. Here’s Greg Brown, one of the founding members of the project, speaking with us about what Pivot is.

You can listen to it HERE, or via iTunes.

Related links:

1. Pivot website (old address, new address)

PHP London are pleased to announce the date, venue and registration availability of their 5th annual UK PHP conference, building on the success of previous events and accommodating the continual growth of the PHP community and PHP development industry. The event takes place on Friday 26th February 2010 at the Business Design Centre in the Islington area of London. Information on the venue is available on our website. Registration is now available, with an early bird discount of £20 putting the price at £100 (ex. UK VAT), available for the rest of December 2009, increasing to £110 during January 2010, whilst the standard £120 price is available now (for those that wish to significantly contribute towards the running of the conference) until either the event takes place or we run out of places - so register as soon as you can to get the best price and secure your place. Feel free to create an account on the PHP UK Conference website at and sign-up for notifications of updates to the website. Important announcements will also be made to the PHP London announcement mailing list - sign up at http://lists.phplondon.org/cgi-bin/mailman/listinfo/phplondon-announce - via which you may be receiving this message now, and you can also follow the conference on Twitter (@phpukconference - #phpuk2010) and be a fan on Facebook. We expect to announce the initial line up of talks and speakers before Christmas, whilst potential sponsors/exhibitors can find information at http://www.phpconference.co.uk/sponsors and contact the conference committee using the form at http://www.phpconference.co.uk/contact. We hope to see you at the event in 2010!

The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.3.1: Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. Added missing sanity checks around exif processing. Fixed a safe_mode bypass in tempnam(). Fixed a open_basedir bypass in posix_mkfifo(). Fixed failing safe_mode_include_dir. Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

There are a number of search-based projects at Apache, and they all center around Lucene. Grant will be giving a training class on Lucene at ApacheCon in just four weeks. Then, there’s the largest collection of search technology talks we’ve ever had at an ApacheCon. Grant talks about his training class, about Lucene, and about the related projects.

You can listen to it HERE, or at via iTunes.

Filip Hanik, who in his day job is a trainer for SpringSource (formerly Covalent), will be doing a training on Tomcat at ApacheCon this year.

I spoke with him last week about his training class, and about other content at Apachecon that complements it.

You can listen to it HERE or on iTunes.

You’re almost out of time to register for ApacheCon.

Christian Wenz will be teaching a full day tutorial on Web application security, covering both how to develop a secure web application and how to secure an existing application.

I spoke with Christian last week about his training class

You can listen to it HERE or in iTunes.

Brett Porter will be leading a training class on Maven at ApacheCon, in just over five weeks. I spoke with him last week about the training class, and about the Maven technology in general.

You can listen to it HERE, or via iTunes.

Related links:

• Maven
• ApacheCon

I’ve had a busy week of recording, and here’s what I’ve got coming in the next few days, as soon as I can get them edited.

1. Brett Porter - Maven
2. Christian Wenz - Web Application Security
3. Filip Hanik - Tomcat
4. Grant Ingersoll - Lucene

With Apachecon just a few weeks away, I’m hoping to talk with several of the folks who will be doing training classes at Apachecon.

Today I spoke with Aaron Kimball, who will be doing two days of training on Hadoop. He talks about Hadoop, and the related technologies, and what he’ll be covering in the class.

You can listen to the interview HERE, or on iTunes.

Related links:

• Hadoop
• Cloudera
• VM download mentioned in the interview