Hi Anatol! On 01.03.2018 at 10:44, Anatol Belski wrote:
> Hi Christoph, > >> -----Original Message----- >> From: Christoph M. Becker [mailto:cmbecke...@gmx.de] >> Sent: Tuesday, February 27, 2018 2:36 PM >> To: PHP Internals List <internals@lists.php.net> >> Subject: [PHP-DEV] Status of our bundled liboniguruma >> >> Hi! >> >> I noticed that master bundles oniguruma 6.3.0[1], while oniguruma 6.7.1 has >> already been released a month ago[2]. Is there any particular reason not to >> update to the latest oniguruma, or has it just been forgotten? >> >> [1] <https://github.com/php/php-src/tree/master/ext/mbstring/oniguruma> >> [2] <https://github.com/kkos/oniguruma/releases/tag/v6.7.1> > > 6.3.0 was the last containing CVE fixes which was also backported to PHP 5.6. > It was upgraded less than a year ago, since then quite a few versions came > out. For 7.3 we could for sure aim at an upgrade to the latest Oniguruma. > Some behavior change could be expected according to the release notes, but > IMO we'd be fine to try an upgrade before 7.3 starts the pre cycle. Thanks. I've submitted a respective PR (<https://github.com/php/php-src/pull/3175>). -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php