This latest release, straight from the horse's mouth, or in this case, php.net, "is a maintenance release that addresses a serious memory corruption problem within PHP concerning references. If references were used in a wrong way, PHP would often create memory corruptions which would not always surface and be visible. The increased middle digit was required because the fix that corrected the problem with references changed PHP's internal API. PHP 4.4.0 does not have any new features, and is solely a bugfix release." So there you have it. For downloads, go to http://www.php.net/downloads.php#v4
In light of the recent spotlight on PHP/PEAR security, Alan Knowles offers some handy-dandy tips for keeping your own site and server secure from whomever might be trying to have a look inside. He also gives us an entertaining diddy about a cracker that gained access to his server and what logs can show you. For the full story, take a peek at his blog entry, http://www.akbkhome.com/blog.php/View/94/Security%2C+How+not+to+react.....html
Chris Shiflett also discusses the recent focus on security and ethical considerations therein; he offers a very interesting blog post on initializing variables and the security risks associated with not performing this practice. You can read his full blog post at http://shiflett.org/archive/128.
If you're having a bad day, remember that somewhere out there someone is having a worse one. The developers of phpBB have been effectively dealing with security issues in recent weeks, but it seems that some web hosts aren't taking any more chances. According to Netcraft (http://news.netcraft.com/archives/2005/07/08/hosts_ban_phpbb_as_security_issues_persist.html)
some web hosts are discontinuing their installation of this popular blogging package, making their servers more secure, but making life difficult for a whole lot of people. The developers of phpBB have addressed this issue (http://www.phpbb.com/phpBB/viewtopic.php?t=304052
) but you may want to make sure your host hasn't jumped on the bandwagon.
php | architect has announced its schedule for the upcoming php | works - web | works Conference, September 18-21, 2005. With names such as Rasmus Lerdorf, Chris Shiflett, Derick Rethans, John Coggleshall, Ilia Alshanetsky, Lukas Smith, Marcus Böerger, George Schlossnagle, Wez Furlong, Daniel Udey, Robert Reinhardt, Paul Reinheimer, Ron Harwood, and Dan Scott (and that's just the PHP side of things) - the toughest thing you'll have to do is decide which sessions you are going to attend. For the full schedule, visit php|architect's site at http://www.phparch.com/phpworks/schedule.php
Drupal needed help and you heeded the call. Raising over $9200 in donations, you will keep the mighty Drupal alive by allowing them to buy a new server and make numerous other upgrades to their infrastructure. Read all about Drupal's plight and how they escaped, and then get that warm fuzzy feeling by going to their website: http://www.drupal.org/
I would be remiss in my duties if I didn't include what's new at PEAR and
PECL. Recent PEAR releases include:
- Cache_Lite 1.5.1 - cache system
- PHPUnit2 2.3.0beta3 - Regression testing framework for unit tests.
- DB_DataObject 1.7.15 - An SQL Builder, Object Interface to Database Tables
- XML_RPC 1.3.2 - PHP implementation of the XML-RPC protocol
- LiveUser 0.16.1 - User authentication and permission management framework
And for PECL, we had:
- APC - Alternative PHP Cache
- newt - Extension for RedHat Newt window library
- runkit - allows you to replace, rename, and remove user defined functions and classes,
define customized superglobal variables for general purpose use, and
execute code in restricted environment (sandboxing).
- ssh2 - Bindings for the libssh2 library
As always, you can download or learn more about these packages at http://pear.php.net/ and http://pecl.php.net/.