PHP 5.1.3 Released [01-May-2006] The PHP development team is proud to announce the release of PHP 5.1.3. This release combines small number of feature enhancements with a significant amount of bug fixes and resolves a number of security issues. Some of the key changes of PHP 5.1.3 include: Disallow certain characters in session names. Fixed a buffer overflow inside the wordwrap() function. Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. Enforce safe_mode for the source parameter of the copy() function. Fixed cross-site scripting inside the phpinfo() function. Fixed offset/length parameter validation inside the substr_compare() function. Fixed a heap corruption inside the session extension. Fixed a bug that would allow variable to survive unset(). Fixed a number of crashes in the DOM, SOAP and PDO extensions. Upgraded bundled PCRE library to version 6.6 The use of the var keyword to declare properties no longer raises a deprecation E_STRICT. FastCGI interface was completely reimplemented. Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions. Over 120 various bug fixes.
A critical bug with $_POST array handling as well as the FastCGI sapi have been discovered in PHP 5.1.3. A new PHP release 5.1.4 is now available to address these issues. All PHP users are encouraged to upgrade to this release as soon as possible. Some details for curious developers