Ну что сказать — хорошо что исправляют много чего. Плохо то что ошыбок очень много в PHP.
Собственно что там новенького и что исправили. Перевод не буду здесь писать, так как тем кому оно надо и так все ясно и понятно:
Security Enhancements and Fixes in PHP 5.2.7:
- Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
- Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
- Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
- Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
- Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
- Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
- Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
- Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:
- Fixed several memory leaks inside the readline and sqlite extensions
- A number of corrections relating to date parsing inside the date extension
- Fixed bugs relating to data retrieval in the PDO extension
- A series of crashes in various areas of code were resolved
- Several corrections were made to the strip_tags() function in terms of < and <?XML handling
- A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
- Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
- Over 170 bug fixes.
Взято с http://www.php.net/releases/5_2_7.php
