The PHP development team is proud to announce the release of PHP 5.1.3. This release combines small number of feature enhancements with a significant amount of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible. Some of the key changes of PHP 5.1.3 include:

Disallow certain characters in session names.
Fixed a buffer overflow inside the wordwrap() function.
Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
Enforce safe_mode for the source parameter of the copy() function.
Fixed cross-site scripting inside the phpinfo() function.
Fixed offset/length parameter validation inside the substr_compare() function.
Fixed a heap corruption inside the session extension.
Fixed a bug that would allow variable to survive unset().
Fixed a number of crashes in the DOM, SOAP and PDO extensions.
Upgraded bunbled PCRE library to version 6.6
The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
FastCGI interface was completely reimplemented.
Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
Over 120 various bug fixes.