PHP 5.1.3 Released
[01-May-2006] The PHP development team is proud to announce the release of PHP 5.1.3. This release combines small number of feature enhancements with a significant amount of bug fixes and resolves a number of security issues. Some of the key changes of PHP 5.1.3 include:

Disallow certain characters in session names.
Fixed a buffer overflow inside the wordwrap() function.
Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
Enforce safe_mode for the source parameter of the copy() function.
Fixed cross-site scripting inside the phpinfo() function.
Fixed offset/length parameter validation inside the substr_compare() function.
Fixed a heap corruption inside the session extension.
Fixed a bug that would allow variable to survive unset().
Fixed a number of crashes in the DOM, SOAP and PDO extensions.
Upgraded bundled PCRE library to version 6.6
The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
FastCGI interface was completely reimplemented.
Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
Over 120 various bug fixes.

Few bugs fixed, there are more bugs here.

Just joking. Yes, we will update some sunny day. :)

A critical bug with $_POST array handling as well as the FastCGI sapi have been discovered in PHP 5.1.3. A new PHP release 5.1.4 (http://www.php.net/downloads.php) is now available to address these issues. All PHP users are encouraged to upgrade to this release as soon as possible.
Some details for curious developers (http://sb2.info/better/solutions/technology/php/serious-problems-with-_post-array-handling-in-recently-released-php-513/)

Already followed up with 5.1.4

A critical bug with $_POST array handling as well as the FastCGI sapi have been discovered in PHP 5.1.3. A new PHP release ...is now available to address these issues. All PHP users are encouraged to upgrade to this release as soon as possible.
...
Hehe, what I said in my post above. :D