Stefan Esser has posted about the release of the latest version of the Suhosin security patch for PHP - version 0.9.21.
It has been a very long time since the last Suhosin extension has been released, but today this has changed with the release of Suhosin 0.9.21. Among the changes are two new features that will protect applications that put to much trust into the SERVER variables from several XSS (and SQL injection) attacks. These features are suhosin.server.strip and suhosin.server.encode.
He details these two features and gives examples of what they protect from. You can find out more about the Suhosin patch on its website.