PHP users warned not to upgrade to 5.3.7
The PHP developers have warned users not to upgrade to the latest stable branch release of the PHP scripting language due to a serious bug. In PHP 5.3.7, a security and maintenance update from last week, the crypt() function that is used to hash a string – typically a password – fails if an MD5 salt is given as an argument. In that case, instead of returning the hashed string, the function merely returns the salt itself.
The developers note that "DES and BLOWFISH salts work as expected". Until an update that fixes the bug is made available, the developers advise users not to upgrade to 5.3.7; version 5.3.8 is expected to arrive in the next "few days".
Update 24-08-11: PHP 5.3.8 has now been released.
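A PHP check for the failure described above, where crypt() given an MD5 salt returns the salt instead of the hash (an added example, not code from the article or the PHP project). It goes one step beyond the text by also flagging stored values that consist only of a salt; the function names, salt, password and user names are constructed for illustration.

```php
<?php
// Added example. All salts, passwords and user names are constructed samples.

/** True if $hash is a complete MD5-crypt string: $1$<salt, up to 8>$<22 chars>. */
function is_complete_md5_crypt($hash)
{
    return is_string($hash)
        && preg_match('#^\$1\$[./0-9A-Za-z]{0,8}\$[./0-9A-Za-z]{22}$#', $hash) === 1;
}

/** True if $hash is only an MD5 salt prefix with no digest after it. */
function is_salt_only_md5($hash)
{
    return is_string($hash)
        && preg_match('#^\$1\$[./0-9A-Za-z]{0,8}\$?$#', $hash) === 1;
}

/** Runtime self-test: does crypt() on this build hash correctly with an MD5 salt? */
function md5_crypt_works()
{
    $salt = '$1$examples$';                       // constructed salt
    $out  = crypt('constructed-password', $salt); // constructed password
    // A working build returns the salt followed by a 22-character digest;
    // the affected build returns the salt unchanged.
    return $out !== $salt && is_complete_md5_crypt($out);
}

/** Classify stored values so salt-only records can be queued for a reset. */
function audit_stored_hashes(array $rows)
{
    $report = array('ok' => array(), 'salt_only' => array(), 'other' => array());
    foreach ($rows as $user => $hash) {
        if (is_complete_md5_crypt($hash)) {
            $report['ok'][] = $user;
        } elseif (is_salt_only_md5($hash)) {
            $report['salt_only'][] = $user;
        } else {
            $report['other'][] = $user;          // DES, Blowfish or unknown format
        }
    }
    return $report;
}

$rows = array(
    'alice' => '$1$examples$' . str_repeat('A', 22), // constructed, format only
    'bob'   => '$1$examples$',                        // constructed salt-only record
);
var_dump(md5_crypt_works());         // false on a build with the bug
print_r(audit_stored_hashes($rows)); // alice => ok, bob => salt_only
```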