NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP Vulnerability

csnyder chsnyder at gmail.com
Fri Dec 17 14:47:49 EST 2004


Looks like another Friday afternoon upgrade session for a lot of us.
According to the announcement, any code that uses unserialize() on any
values that include user input is vulnerable.


On a related note, does anyone here use Hardened-PHP?

Or as a Slashdot poster wondered earlier, is there any reason why the
Hardened-PHP patches aren't part of vanilla PHP in the first place?

   chris.



More information about the talk mailing list