On Thu, Nov 18, 2021 at 9:16 PM Sara Golemon wrote:
> The PHP development team announces the immediate availability of PHP
> 8.0.13. This is a security release fixing CVE-2021-21706.
>
>
Whoops. Apologies for the copypasta error. That CVE number is a typo and
should read CVE- 2021-21707 for
The PHP development team announces the immediate availability of PHP
8.0.13. This is a security release fixing CVE-2021-21706.
For source downloads of PHP 8.0.13 please visit our downloads page:
https://www.php.net/downloads
Windows source and binaries can be found at
In seven days, https://www.php.net/releases/8.0/en.php is going to be
obsolete.
Well, that's a harsh term, but it certainly won't reflect the current state
on the ground, and we need to decide (should have decided, weeks ago) what
we're going to do with it.
1/ Make a new announcement page for
On 18.11.2021 at 15:19, Nikita Popov wrote:
> On Thu, Nov 18, 2021 at 2:53 PM Matthew Weier O'Phinney <
> mweierophin...@gmail.com> wrote:
>
>> With Laminas, we use an email alias to allow researchers to report to us.
>> We then post the full report as a security issue on GitHub - it's a feature
On Thu, Nov 18, 2021 at 2:53 PM Matthew Weier O'Phinney <
mweierophin...@gmail.com> wrote:
>
>
> On Thu, Nov 18, 2021, 7:32 AM Nikita Popov wrote:
>
>> On Thu, Nov 18, 2021 at 2:07 PM Patrick ALLAERT
>> wrote:
>>
>> > Le mer. 17 nov. 2021 à 13:30, Christoph M. Becker a
>> > écrit :
>> > >
On 18.11.2021 at 14:53, Matthew Weier O'Phinney wrote:
> With Laminas, we use an email alias to allow researchers to report to us.
> We then post the full report as a security issue on GitHub - it's a feature
> they rolled out late 2019/early 2020 that restricts visibility to
> maintainers
On Thu, Nov 18, 2021, 7:32 AM Nikita Popov wrote:
> On Thu, Nov 18, 2021 at 2:07 PM Patrick ALLAERT
> wrote:
>
> > Le mer. 17 nov. 2021 à 13:30, Christoph M. Becker a
> > écrit :
> > > Right. An alternative might be to let users report security issues to
> > > the security mailing list,
On Thu, Nov 18, 2021 at 2:07 PM Patrick ALLAERT
wrote:
> Le mer. 17 nov. 2021 à 13:30, Christoph M. Becker a
> écrit :
> > Right. An alternative might be to let users report security issues to
> > the security mailing list, where, if the issue turns out not to be a
> > security issue, the
Le mer. 17 nov. 2021 à 13:30, Christoph M. Becker a écrit :
> Right. An alternative might be to let users report security issues to
> the security mailing list, where, if the issue turns out not to be a
> security issue, the reporter could still be asked to submit a GH issue
> about the bug. In
The PHP development team announces the immediate availability of PHP
7.3.33. This is a security release fixing CVE-2021-21707.
All PHP 7.3 users are encouraged to upgrade to this version.
For source downloads of PHP 7.3.33 please visit our downloads page.
Windows binaries can be found on the
On 18.11.2021 at 09:48, Hans Henrik Bergan wrote:
> while we're on the topic of shell_exec(), does anyone happen to know why
> shell_exec() pipes in *text mode*/binary-corruption-mode on windows?
I guess that is for historic reasons, where CRLF vs. LF really mattered
on Windows, and it's more
On Thu, Nov 18, 2021 at 08:19:36AM +, Kamil Tekiela wrote:
> Hi Luca,
>
> How will this change be reflected in its alias, the backtick operator? If
> the plan is to change the signature of shell_exec() then the backtick
> operator will not behave identically anymore. Am I correct?
>
>
On Thu, Nov 18, 2021 at 8:47 AM Luca Petrucci via internals <
internals@lists.php.net> wrote:
> Hi internals,
>
> This is a proposal to add an optional parameter &$result_code = null to
> the shell_exec() function.
>
> For clarity, the current signature is
> shell_exec(string $command):
> then the backtick operator will not behave identically anymore. Am I
correct?
yeah kindof-correct, the backtick operator would then behave identically to
giving shell_exec() only 1 argument, or null as the 2nd argument
(btw i'm the guy that made the linked bugs.php.net feature request)
while
Hi Luca,
How will this change be reflected in its alias, the backtick operator? If
the plan is to change the signature of shell_exec() then the backtick
operator will not behave identically anymore. Am I correct?
Regards,
Kamil
15 matches
Mail list logo
