Commit: e59143e8966c0b6aa07ca72b6ad27f64baad0a01 Author: Stanislav Malyshev <s...@php.net> Sun, 4 Aug 2013 20:04:42 -0700 Parents: 6f73a0c00f0577313897e455f6fd729cfaa97f3b Branches: PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e59143e8966c0b6aa07ca72b6ad27f64baad0a01 Log: add news about session fix Changed paths: M NEWS M UPGRADING Diff: diff --git a/NEWS b/NEWS index 82d4ca1..c01b43e 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,12 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +?? ??? 2013, PHP 5.5.3 + +- Sessions: + . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) + which protects against session fixation attacks and session collisions. + (Yasuo Ohgaki) + ?? ??? 2013, PHP 5.5.2 - Core: diff --git a/UPGRADING b/UPGRADING index 14e19aa..4985665 100755 --- a/UPGRADING +++ b/UPGRADING @@ -412,6 +412,11 @@ None ext/mysqli to be used with the new auth protocol, although at coarser level. +- Sessions: + - Added session.use_strict_mode in 5.5.3, which prevents session + fixation attacks and session collisions. + See also https://wiki.php.net/rfc/strict_sessions + - Zend OPcache (See http://php.net/manual/en/book.opcache.php) - Added the following directives: - opcache.enable (default "1") -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php