PEAR is a framework and distribution system for reusable PHP components.
If you have been told by other PEAR developers to sign up for a PEAR website account, you can use this interface.
A vulnerability in the HTML_AJAX package has been found which allows arbitrary remote code execution. All versions of the package from 0.4.0 up to and including release 0.5.6 are affected by this.
An new release of the package is available which fixes this issue. One is strongly encouraged to upgrade to it by using:
$ pear upgrade HTML_AJAX-0.5.7.
Our plan is to work on a new version 1.10 that is E_STRICT and E_DEPRECATED clean and ships a couple of new features.
I’ve just released a preview of the upcoming PEAR installer version 1.9.5: PEAR 1.9.5dev1.
Version 1.9.5 will be the first release of the PEAR installer since 3 years, and thus needs quite some testing before declaring it stable. Instead of using “RC1″, we opted for “dev1″ to keep the stability below alpha, so that upgrading normal packages in alpha/beta state do not automatically give you a potentially unstable PEAR version.
You can upgrade your existing PEAR version with the following command:
$ pear upgrade PEAR-1.9.5dev1
Pre-release versions of go-pear.phar and install-pear-nozlib.phar can be temporarily be found at