Hi, To come back to this thread: THe version that CentOS Testing is providing is a version from 2008: php-5.2.6-2.el5s2.i386.rpm 16-Sep-2008 01:20 1.2M http://dev.centos.org/centos/5/testing/i386/ The latest version from Red Hat is: http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/php-5.2.10-1.el5s2.src.rpm Is it possible the CentOS Testing PHP (and perhaps others) packages aren't up to date and people using the CentOS Testing repo have an outdated and vulnerable PHP version running? Kind regards, Michiel