Hello Stefan, > according to secunia [1], this has been fixed in 4.4.3, not in 4.4.2 > > [1] http://secunia.com/advisories/19599
I've verified that the bug is indeed marked as fixed in the 4.4.3 changelog of PHP. However, phpinfo() is a debug tool. I don't know why you would want to use it on a production system and inside a context where cookies contain security relevant information at the same time. If you ask me, this is 'important' at most. Secunia labels it as "not critical". Thijs
signature.asc
Description: This is a digitally signed message part