A new PHP 5.1.3 have been released, a combination of small number of feature enhancements with a significant amount of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible. Some of the key changes of PHP 5.1.3 include:

* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare() function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bunbled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
* Over 120 various bug fixes.

More details on the ChangeLog