The PHP development team is proud to announce the release of PHP 4.4.3. This release combines small number of bug fixes and resolves a number of security issues. Some of the key changes of PHP 4.4.3 include: Disallow certain characters in session names. Fixed a buffer overflow inside the wordwrap() function. Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. Improved safe_mode check for the error_log() function. Fixed cross-site scripting inside the phpinfo() function. Fixed offset/length parameter validation inside the substr_compare() function. Upgraded bundled PCRE library to version 6.6 Over 20 various bug fixes. Further details about this release can be found in the release announcement and the full list of changes is available in the PHP 4 ChangeLog.

Source: http://www.php.net/downloads.php#v4