We haven’t done posts for point releases since our normal release schedule is so quick, but when there is a security fix we thought you should know as soon as possible.

We have a few fastcgi fixes, a few memory leak fixes and the security vulnerability fix for CVE-2014-2208. Previously an attacker could get around escapeshellarg() using a specially crafted input. It is hard to exploit, and facebook.com wasn’t vulnerable, but you should patch your servers up just incase.

The full commit log is available for this release. Remember the branch cut is in 11 days for the next release so get your pull requests in soon!