Commit:    169b78eb79b0e080b67f9798708eb3771c6d0b2f
Author:    Stanislav Malyshev <s...@php.net>         Sun, 4 Aug 2013 20:04:42 -0700
Parents:   6f73a0c00f0577313897e455f6fd729cfaa97f3b
Branches:  master

Link:      http://git.php.net/?p=php-src.git;a=commitdiff;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f

Log:
add news about session fix

Changed paths:
  M  NEWS
  M  UPGRADING


Diff:
diff --git a/NEWS b/NEWS
index 82d4ca1..d275185 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,11 @@ PHP                                                          
              NEWS
   . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for 
     some specific contents). (Stas)
 
+- Sessions:
+  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
+    which protects against session fixation attacks and session collisions.    
+    (Yasuo Ohgaki)
+
 - SOAP:
   . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
 
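Review bot: The added Sessions entry in NEWS does not name the setting that controls the behaviour. The UPGRADING hunk in this same commit calls it session.use_strict_mode, so the NEWS text should mention it as well, for example "Implemented strict sessions RFC (session.use_strict_mode) ...", so that someone reading only NEWS can find the directive. The added line ending in "session collisions." also carries trailing whitespace that should be dropped.
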
diff --git a/UPGRADING b/UPGRADING
index 14e19aa..024a560 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -412,6 +412,11 @@ None
     ext/mysqli to be used with the new auth protocol, although at
     coarser level.
 
+- Sessions:
+  - Added session.use_strict_mode in 5.5.2, which prevents session
+    fixation attacks and session collisions. 
+    See also https://wiki.php.net/rfc/strict_sessions
+
 - Zend OPcache (See http://php.net/manual/en/book.opcache.php)
   - Added the following directives:
     - opcache.enable (default "1")
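
Review bot: The new session.use_strict_mode entry gives no default value, while the OPcache directives listed directly below it each state one (opcache.enable (default "1")). Without a default, "prevents session fixation attacks and session collisions" reads as if the protection applies after upgrading with no configuration change; state the default and whether the administrator has to turn the setting on. The "session collisions. " line has a trailing space, and the wording "prevents" here differs from "protects against" in the NEWS entry, so pick one for both files.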


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php