On 01.03.2018 at 10:44, Anatol Belski wrote:
> Hi Christoph,
>> -----Original Message-----
>> From: Christoph M. Becker [mailto:cmbecke...@gmx.de]
>> Sent: Tuesday, February 27, 2018 2:36 PM
>> To: PHP Internals List <firstname.lastname@example.org>
>> Subject: [PHP-DEV] Status of our bundled liboniguruma
>> I noticed that master bundles oniguruma 6.3.0, while oniguruma 6.7.1 has
>> already been released a month ago. Is there any particular reason not to
>> update to the latest oniguruma, or has it just been forgotten?
>>  <https://github.com/php/php-src/tree/master/ext/mbstring/oniguruma>
>>  <https://github.com/kkos/oniguruma/releases/tag/v6.7.1>
> 6.3.0 was the last containing CVE fixes which was also backported to PHP 5.6.
> It was upgraded less than a year ago, since then quite a few versions came
> out. For 7.3 we could for sure aim at an upgrade to the latest Oniguruma.
> Some behavior change could be expected according to the release notes, but
> IMO we'd be fine to try an upgrade before 7.3 starts the pre cycle.
Thanks. I've submitted a respective PR
Christoph M. Becker
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php