PHP 4.4.3 Security Fixes released




4. August 2006

After 6 months PHP.net has finally released a new PHP4 version which fixes a bunch of security holes, including the critical unset() vulnerability that we reported to them at the end of January.

Unfortunately this hole is not mentioned at all in the release announcement which shows how low PHP.net cares about the security of their users and how disrespectful they treat people trying to improve the security of PHP. It is a pity that they simply forget to mention the most dangerous vulnerability discovered in PHP during the last months (year).

As we expected beforehand, without our help PHP 4.4.3 came out lacking several security fixes, that could be downloaded from our site for several weeks now. Therefore we step in for the Xth time and provide our users with a separate security fix package for PHP 4.4.3. It can be downloaded from our download section.

As usual these fixes are already in the latest version of the Hardening-Patch (0.4.12)
© Hardened PHP Project