PHP 4.4.2. Release Announcement
The PHP Development Team would like to announce the immediate release of PHP 4.4.2.
This is a bug fix release, which addresses some security problems too. The major points that this release corrects are:
Prevent header injection by limiting each header to a single line. Possible XSS inside error reporting functionality. Missing safe_mode/open_basedir checks into cURL extension. Apache 2 regression with sub-request handling on non-Linux systems. key() and current() regression related to references.
This release also fixes about 30 other defects.
For a full list of changes in PHP 4.4.2, see the ChangeLog.
