PHP.net: PHP 4.4.9 Released!
by Chris Cornutt August 08, 2008 @ 07:58:18
The PHP group has officially announced the availability of the final release of the PHP4 series for the language - PHP 4.4.9.
The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release.
Issues corrected by this release include an upgrade to the PCRE version, a crash bug in imageloadfont and the open_basedir handling in the curl extension. You can download this latest release from the downloads page on the PHP.net website.
php4 release endoflive final download security patch
Dhiraj Patra's Blog: Writing Scalable Applications with PHP
by Chris Cornutt August 06, 2008 @ 13:47:13
In a new post today Dhiraj Patra shares some tips on making your PHP applications as scalable as they need to be.
The first part of this article, "Real-World PHP Security", appeared in the April 2004 issue of Linux Journal and covered the subject of secure PHP development. This article takes you, the professional PHP developer, one step further, by providing detailed explanations and reliable source code that illustrate the steps to follow in order to develop successful PHP applications.
He mentions some key issues - like keeping a clean environment and correctly using database connectivity - that can keep your application running smoothly.
scalable application example security database environment
Rochak Chauhan's Blog: Top Ten Security Vulnerabilities in PHP Code
by Chris Cornutt August 04, 2008 @ 12:58:10
Rochak Chauhan has come up with a list of ten security problems that could be lurking in your applications, waiting to pop up at the worst time. Here's his list:
- Unvalidated Parameters
- Broken Access Control
- Broken Account and Session Management
- Cross-Site Scripting (XSS) Flaws
- Buffer Overflows
- Command Injection Flaws
- Error Handling Problems
- Insecure Use of Cryptography
- Remote Administration Flaws
- Web and Application Server Misconfiguration
Each item on the list has a bit of detail (and sometimes some code) to help point out the problem. Some of them even have references to external sources and packages to help you solve the problems.
security vulnerabilities list code example references
NETTUTS.com: Can You Hack Your Own Site? A Look at Some Essential Security Considerations
by Chris Cornutt July 22, 2008 @ 12:57:07
On the NETTUTS.com website, there's a great article with some "essential security considerations" that you can use to see just how hackable your site could be.
This article walks through the brainstorming stage of planning for what is in this instance, a hypothetical user-centric web application. Although you won't be left with a complete project - nor a market ready framework, my hope is that each of you, when faced with future workloads, may muse on the better practices described. So, without further ado... Are you sitting comfortably?
The tutorial is broken up into a few sections based around an example with a few points of failure (about book information). They work through the thought process behind the code, using the $_REQUEST variables correctly, preventing SQL injections, filtering the HTML output and a sample code download for you to see how it's all tied together.
security consideration hack tutorial sqlinjection filter output input
Ibuildings Blog: T minus one (the PHP4 8-8-08 Deadline)
by Chris Cornutt July 09, 2008 @ 08:46:13
As Ivo Jansch pointed out yesterday, it's a month until the fateful day that PHP4 will officially die:
It's July the 8th. Today I realized that we're exactly one month away from 8-8-8, the final blow to PHP4.
August 8th marks the point when nothing (at all) will be done to any version of PHP4 again. Full support ended back in December of 2007 with no new versions being released. 8-8-08 marks the end of that as well and PHP4 developers that discover bugs may not be able to get them fixed.
Ivo sums it up perfectly:
I'm not trying to scare you. No wait, I am. Don't let 8-8-8 become the PHP community's 6-6-6 and abandon PHP4 while you still can.
deadline php4 final php5 upgrade security fix
PHPFreaks.com: PHP Security
by Chris Cornutt July 01, 2008 @ 13:41:15
In this new tutorial from PHPFreaks.com they talk about a subject that should be near and dear to every PHP developer's heart - application security.
The problem is that most people forget one of the most important aspects that one must consider when writing PHP applications. Many beginners forget the security aspect of PHP. Generally, your users are nice people, they will do as they are told and you will have no problem with these people whatsoever. However, some people are not quite as nice.
They've included some tips to help protect you and your application from these "not quite as nice" users hanging out on your site. They talk about:
- Error reporting
- SQL injections
- Cross-site scripting
- Outside file access
- Remote file inclusion
- Session security
- Cross-site request forgery
- Directory traversal
Each topic explains what it is, how it can be used against you and what you can do to help stop it on your site (including example code).
tutorial security application protect example code
Zend: Webinar Wednesday - PHP Security
by Chris Cornutt June 30, 2008 @ 13:44:19
Zend has another great webinar coming up this Wednesday, hosted by Kevin Schroeder, covering security in PHP applications.
Security is not just important when you are doing financial transactions - an insecure Web site can be used by others for malicious purposes to launch attacks against other Web sites. There are a few must-knows for anyone who ventures out into the world of PHP Web development. In this webinar, Zend's Kevin Schroeder will focus on the absolute necessities when doing secure Web development.
You can register now and you'll be sent an email on where to go and when you can log in to get in on the conference. The webinar will be happening on July 2nd at 9am PDT/4pm GMT and will last for about an hour.
zend webinar security kevinschroder
Zend Developer Zone: Building Websites with Joomla! 1.5
by Chris Cornutt June 06, 2008 @ 12:53:46
The Zend Developer Zone has posted a book review of a Packt book, "Building Websites with Joomla! 1.5" (by Hagen Graf - the book, not the review):
The book is a tutorial guide to Joomla! 1.5 and was already written and published during the development of Joomla! 1.5. This is the final version and it aims for "web developers, designers, webmasters, content editors and marketing professionals" and is suitable for anyone starting out with Joomla! 1.5, for people who upgrade to Joomla 1.5 and for those who just want a good printed guide/manual at hand.
The review steps through the chapters, highlighting points of interest, and the wrapup uses terms like "great instructional value", "very passionate about Joomla!" and the fact that the only thing the reviewer sees missing is a chapter about security.
joomla book review packt reference security