Cheery picked into 7.1
Cheers
Joe
On Mon, 11 Mar 2019 at 17:35, Christoph M. Becker wrote:
> On 19.02.2019 at 02:16, Stanislav Malyshev wrote:
>
> >> In my opinion, adding this ini setting to PHP-7.4 is a no brainer, but I
> >> suggest that we backport it to PHP-7.2 as well.
> >
> > I don't
On 19.02.2019 at 02:16, Stanislav Malyshev wrote:
>> In my opinion, adding this ini setting to PHP-7.4 is a no brainer, but I
>> suggest that we backport it to PHP-7.2 as well.
>
> I don't see a reason why not - if the option is useful for improving
> security/stability, let's backport it. If
Hi!
> In my opinion, adding this ini setting to PHP-7.4 is a no brainer, but I
> suggest that we backport it to PHP-7.2 as well.
I don't see a reason why not - if the option is useful for improving
security/stability, let's backport it. If it's security related, maybe
even to 7.1 since it's
Thanks Christoph!
Just to be clear, this patch doesn't prevent security issues if you
don't update your SQLite3 library, it just implements a new option
available in newer SQLite versions which will prevent arbitrary changes
to the internals of a SQLite database only if you SQLite3 library is
Hi!
You may have heard about the so called “Magellan vulnerabilities”[1]
which potentially affect scripts which allow untrusted users to execute
almost arbitrary SQL queries. BohwaZ provided a pull request[2] which
introduces an ini setting which enables defenses built-in to SQLite ≥
3.26.0