Ben Ramsey has a new blog post that mentions a move for the PHP User Group mailing list - putting it official on the php.net services.

You may recall PHP Groups being created over a year ago for the purpose of networking together the leaders and organizers of PHP user groups around the world. I've been very bad about keeping things moving on this front, but I want to pick things back up and get us talking again.

If you'd like to subscribe to the list, send an email to ug-admins-subscribe [at] lists.php.net. If you don't want to subscribe but still want to keep track of what's happening, point your news reader to news://news.php.net/ug.admins.

In an effort to keep things a bit more secure (after finding out about this) the symfony team has officially released their own security policy to help prevent issues like that in the future.

You may be wondering why it has been taking us such a long time to react. Here's the main reason: we had not a very strong security alert reporting and qualifying process. This has been fixed recently. So as of now, if you find a security bug in symfony, please send an email to security at symfony-project.com, with as much details as you can and ideally a patch if you can provide one.

The wiki has a whole section on how to report security issues to get them to the right place.

As per this announcement on the Zend Developer Zone website, the Zend Framework group has released the latest version of their application framework - Zend Framework 1.5.

Zend Technologies, Inc., the PHP Company, today announced the availability of version 1.5 of Zend Framework, the popular open source PHP framework [...] Additional features in Zend Framework 1.5 include support for several new services and enhancements to already popular features that make building modern web sites easier and faster than ever.

Updates include changes to Zend_Form, Zend_Layout, the LDAP authentication component, an update to the Lucene support, more Ajax functionality and much more. There's also a new service Zend has launched to provide more "official support" for developers/companies using the framework. You can find out more information about the service here.

Richard Thomas has officially released his first version of his jQPie software he's been developing.

Svn code had some issues in IE, this has been cleared up. New dynamic table sorter added and overall code cleaned up. Table sorter was redone from the ground up and is now a complete rewrite from my original demo code I used as the base.

He's looking for other developers out there that are interested in making the port of the PHP part to other languages (the "slices of pie" to make it portable). If you're interested, go grab the latest version from his SVN repository.

According to this note from Christian Stocker on the BitFlux blog, the upload progress meter (using the new file upload hooks introduced in recent PHP versions) has finally been included, officially, into PECL.

After some tweaking, code improvements and remote code execution vulnerability fixes, I finally put the uploadprogress extension into PECL.

Windows users might be out of luck for a while though, since Christian's not pursuing binaries for the package. However, the source is there, and anyone is more than welcome to try...

Dan Scott has an announcement today about the official release of his File_MARC PEAR package, version 0.1.0 alpha.

What does this mean? Well, assuming you have PHP 5.1+ and PEAR installed, you can now download and install File_MARC and its prerequisite with a simple command. I've also imported the File_MARC source into the PEAR CVS repository, so you can poke and prod and provide patches.

He notes some of the changes he wants to make before things hit version 1.0, including MARCXML support.

Joshua Eichorn has posted the official contest rules for the WebThumb Contest announced a short while back.

The contest runs until November 30th, and the top 5 submitters will all win upgraded WebThumb accounts. The top submitter will also win a copy of my book, Understanding AJAX.

Since previously, all that was required was a comment on this blog entry, people who've posted there need to listen up - an official submission needs to be made. Check out this page for the complete rules and all of the information you need to include in the submission email.

In light of the recent release of the "Underground PHP and Oracle Manual" from the folks over at Oracle, Dan Scott has posted his own note about a pet project of his along the same lines - official task-oriented documentation for the pairing of DB2 and PHP.

By "task-oriented" I mean that, instead of documenting a set of objects and methods, the docs take the perspective of a developer and describe how to accomplish specific tasks (like "Connecting to a DB2 database from PDO" or "Calling a stored procedure" or "Retrieving multiple result sets"). I hope it works as both a good introduction to PHP development for DB2 users, and a good introduction to DB2 for PHP developers. And, of course, the same approach will work for Apache Derby databases as well.

He notes that he also finds it interesting that the Oracle folks went with the "underground" method of documenting its relationship to PHP, while the IBM documentation is integrated right in.

The PHP group has officially released the latest update in the PHP 5.1.x series today - PHP 5.1.4, a bugfix release to take care of the $_POST array handling problem from 5.1.3.

A critical bug with $_POST array handling as well as the FastCGI sapi have been discovered in PHP 5.1.3. A new PHP release 5.1.4 is now available to address these issues. All PHP users are encouraged to upgrade to this release as soon as possible.

Further details about this release can be found in the release announcement and the full list of changes is available in the PHP 5 ChangeLog.

Due to the wide-spread nature of this bug, updating to this latest version would be a very good idea. There are a few other bugs that were fixed in the release as well including issues with the FastCGI sapi, a fix to a possible crash in hightlight_string, cloning of DOM Documents and Noded, and several fixes to the PDO ODBC driver.

You can download this latest update here.

In conjection with the release of PEAR 1.4.9 as previously mentioned, Greg Beaver wants to clarify some things when it comes to setting up a PEAR channel in "the official way" and with the correct pakcages.

There has been quite a bit of confusion recently due to the best resource for setting up a channel being located on Toby's blog, and now being quite a few versions out of date. First of all, let it be known that the PEAR_Server package located at pear.chiaraquartet.net has been superseded by the Chiara_PEAR_Server package at pear.chiaraquartet.net.

The rest of the post is concerned with his checklist and step-by-step guide to getting and setting up the needed software. It's the whole process, right down to creating a nice frontend for the users and how to test your channel to ensure it's properly set up.

It's definitely the definitive guide to setting up a PEAR channel correctly.