1st August, 2007
From security update 2007-007 released today by Apple:
PHP CVE-ID: CVE-2007-1001, CVE-2007-1287, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1711, CVE-2007-1717 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10 Impact: Multiple vulnerabilities in PHP 4.4.4 Description: PHP is updated to version 4.4.7 to address several vulnerabilities. Further information is available via the PHP web site at http://www.php.net/
I know Apple probably won't upgrade in a minor OS version bump, but here's hoping they'll include PHP 5.2 in Leopard. Until then, I'll continue to compile PHP5 myself (or grab the PHP binary from Marc Liyanage). Keeping third party software up to date is a big step towards a secure environment.