PHP 4.4.2. Release Announcement
The PHP Development Team would like to announce the immediate release of PHP 4.4.2.
This is a bug fix release, which addresses some security problems too. The major points that this release corrects are:
- Prevent header injection by limiting each header to a single line.
- Possible XSS inside error reporting functionality.
- Missing safe_mode/open_basedir checks into cURL extension.
- Apache 2 regression with sub-request handling on non-Linux systems.
- key() and current() regression related to references.
This release also fixes about 30 other defects.
For a full list of changes in PHP 4.4.2, see the ChangeLog.