Hi Arpad,

On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray <array...@gmail.com> wrote:

>  I think there really should be a vote.


This means you don't really understand the true risk of this vulnerability.
It allows permanent session ID fixation. This is a CVE-assigned vulnerability.
Details are explained in the RFC and I don't want to explain them fully on the ML
again.
(We might have discussed the details in secur...@php.net, but I think I wrote
enough info)

Please refer to the RFC.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
