The first RC of 5.2.4 was just released and is now available for download here: http://downloads.php.net/ilia/php-5.2.4RC1.tar.bz2 (md5sum: 43e28d2aa55b6c8bcd67da16e24b225a) This release have been long in the making so the changelog is a bit intimidating, so we definitely need a lot of testing for this release. I would like to ask everyone to give this RC a shot and see how it behaves with their code and hopefully not find any regressions. If you do find any, please let us know.

I've been so busy last few weeks I didn't get a chance to blog about the acceptance of my talk for ZendCon. So, here it is now, better late then never. This year has been quite busy in terms of security when it comes to PHP, the language and many changes were done to make the language better when it comes to security. The talk will try to summarize the many happenings in the PHP security world in to a quick one hour talk, so it should be quite an interesting challenge :)

A little less then a month had passed and we have a new PHP 5 release, 5.2.3 that can downloaded here. As with the prior patch level releases in 5.2.branch, the work continued on improving stability (over 40 bug fixes) and security with a 6 additional security fixes and improvements added. Also, this version contains a few optimizations that hopefully will make this the fastest 5.2 release yet, with improvements in string processing, md5()/sha1() generation and few less syscalls per request. The official release announcement can be found here and the nitty gritty details can be seen in the ChangeLog. I am also happy to say that two regressions introduced by prior releases were addressed, relating to timeouts on non-blocking SSL connection as well as lack of HTTP_RAW_POST_DATA under certain conditions.

Thanks to the surprisingly well working wifi at the moment the slides from the PHP Security pitfalls are now available can be downloaded here. I hope everyone who had been present at the talk had found something interesting that will help them improve the security of their code.

The two tutorials at php|tek went rather well, I am still surprised my voice held up for 6 hours of talking. The slides in PDF form can be found below: Securing PHP Applications PHP & Performance