I just received an email flash from our internal security organization about a severe security exposure in just about every version of PHP (3.0 all the way up through 4.1). The details are described at http://security.e-matters.de/advisories/012002.html. According to http://www.php.net, there is a replacement version available, 4.1.2, from http://www.php.net/downloads.php. They use the phrase "strongly encouraged" to describe the recommendation to upgrade. So, heads up to anyone out there who's running PHP on a system that is exposed to a potentially hostile environment.
Mark Post
