[nycphp-talk] PHP Vulnerability
csnyder
chsnyder at gmail.com
Fri Dec 17 14:47:49 EST 2004
Looks like another Friday afternoon upgrade session for a lot of us.
According to the announcement, any code that uses unserialize() on any
values that include user input is vulnerable.
On a related note, does anyone here use Hardened-PHP?
Or as a Slashdot poster wondered earlier, is there any reason why the
Hardened-PHP patches aren't part of vanilla PHP in the first place?
chris.
More information about the talk
mailing list