Rasmus Lerdorf wrote: > Sebastian Bergmann wrote: > >>Zeev Suraski schrieb: >> >> >>>If there are no stoppers I'd like to release it towards the end of the >>>week. >> >> >> Maybe the bundled PCRE should be updated: >> http://www.securitytracker.com/alerts/2005/Aug/1014744.html > > > Yes, and the whole reason for this release is to stop distributing a > vulnerable version of XML_RPC. The version in the tarball is 1.3.1 and > we want 1.4.0.
We didn't update PHP_5_0 with the changes to PEAR 1.3.6, I will probably have time to do this later today, otherwise tomorrow. Greg P.S. if anyone else has the time now, they should simply sync package-PEAR.xml, go-pear-list.php, and XML_RPC-1.4.0.tar from the PHP_5_1 branch and it should be good to go. Don't forget to remove XML_RPC-1.3.1.tar Greg -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
