Hi Anatol!

On 01.03.2018 at 10:44, Anatol Belski wrote:

> Hi Christoph,
> 
>> -----Original Message-----
>> From: Christoph M. Becker [mailto:cmbecke...@gmx.de]
>> Sent: Tuesday, February 27, 2018 2:36 PM
>> To: PHP Internals List <internals@lists.php.net>
>> Subject: [PHP-DEV] Status of our bundled liboniguruma
>>
>> Hi!
>>
>> I noticed that master bundles oniguruma 6.3.0[1], while oniguruma 6.7.1 has
>> already been released a month ago[2].  Is there any particular reason not to
>> update to the latest oniguruma, or has it just been forgotten?
>>
>> [1] <https://github.com/php/php-src/tree/master/ext/mbstring/oniguruma>
>> [2] <https://github.com/kkos/oniguruma/releases/tag/v6.7.1>
>
> 6.3.0 was the last containing CVE fixes which was also backported to PHP 5.6. 
> It was upgraded less than a year ago, since then quite a few versions came 
> out. For 7.3 we could for sure aim at an upgrade to the latest Oniguruma. 
> Some behavior change could be expected according to the release notes, but 
> IMO we'd be fine to try an upgrade before 7.3 starts the pre cycle. 

Thanks.  I've submitted a respective PR
(<https://github.com/php/php-src/pull/3175>).

-- 
Christoph M. Becker

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to