PHP is proud to announce TestFest 2010. TestFest is PHP's annual campaign to increase the overall code coverage of PHP through PHPT tests. During TestFest, PHP User Groups and individuals around the world organize local events where new tests are written and new contributors are introduced to PHP's testing suite.

Last year was very successful with 887 tests submitted and a code coverage increase of 2.5%. This year we hope to do better.

TestFest's own SVN repository and reporting tools are back online for this year's event. New to TestFest this year are automated test environment build tools as well as screencasts showing those build tools in action.

Please visit the TestFest 2010 wiki page for all the details on events being organized in your area, or find out how you can organize your own event.

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

• Improved LCG entropy. (Rasmus, Samy Kamkar)
• Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
• Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

Key Bug Fixes in PHP 5.3.2 include:

• Added support for SHA-256 and SHA-512 to php's crypt.
• Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
• Fixed bug #51059 (crypt crashes when invalid salt are given).
• Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
• Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
• Fixed bug #50723 (Bug in garbage collector causes crash).
• Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
• Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
• Fixed bug #50540 (Crash while running ldap_next_reference test cases).
• Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
• Over 60 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

Further information and downloads:

For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.13:

• Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
• Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
• Improved LCG entropy. (Rasmus, Samy Kamkar)

Further details about the PHP 5.2.13 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.12:

• Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
• Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
• Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
• Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
• Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Further details about the PHP 5.2.12 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.3.1:

• Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
• Added missing sanity checks around exif processing.
• Fixed a safe_mode bypass in tempnam().
• Fixed a open_basedir bypass in posix_mkfifo().
• Fixed failing safe_mode_include_dir.

Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.