Le 06/08/2017 à 00:49, Stanislav Malyshev a écrit :
> Hi!
>> https://bugs.php.net/bug.php?id=75006 has been marked as a non-security
>> bug, with the justification that unserialize() should not be fed untrusted
>> input. While we do document that unserialize() shouldn't be used on
>> untrusted input, we have always treated these as security bugs in the past.
> Not always, but sometimes we did. I think we should stop doing it, as to
> not validate the idea that unserialize can safely be used with untrusted
> data 


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to