PHP 4.4.2. Release Announcement

The PHP Development Team would like to announce the immediate release of PHP 4.4.2.

This is a bug fix release, which addresses some security problems too. The major points that this release corrects are:

• Prevent header injection by limiting each header to a single line.
• Possible XSS inside error reporting functionality.
• Missing safe_mode/open_basedir checks into cURL extension.
• Apache 2 regression with sub-request handling on non-Linux systems.
• key() and current() regression related to references.

This release also fixes about 30 other defects.

For a full list of changes in PHP 4.4.2, see the ChangeLog.