月別アーカイブ: 2016年8月

ScotlandPHP 2016

Introducing Scotland's first and best PHP conference. ScotlandPHP is a one-day conference, being held on Saturday October 29th 2016 in our nation's capital, Edinburgh. The conference venue is the super-awesome Dynamic Earth, in the spectacular surroundings of Holyrood Park and Edinburgh's historic Old Town.

There will be two tracks across the day, packed with the best speakers around and bookended by keynotes from world class speakers: Anthony Ferrara and Jessica Rose.

Visit the ScotlandPHP Conference website for further details and to purchase tickets.

ConFoo Montreal 2017 Calling for Papers

Want to get your web development ideas in front of a live audience? The call for papers for the ConFoo Montreal 2017 web developer conference is open! If you have a burning desire to hold forth about PHP, databases, JavaScript, or any other web development topics, we want to see your proposals. The window is open only from August 21 to September 20, 2016, so hurry. An added benefit: If your proposal is selected and you live outside of the Montreal area, we will cover your travel and hotel. You’ll have 45 minutes to wow the crowd, with 35 minutes for your topic and 10 minutes for Q&A. We can’t wait to see your proposals. Knock us out! ConFoo Montreal will be held on March 8-10, 2017. For those of you who already know about our conference, be aware that this annual tradition will still be running in addition to ConFoo Vancouver. Visit our site to learn more about both events.

PHP 5.6.25 is released

The PHP development team announces the immediate availability of PHP 5.6.25. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

For source downloads of PHP 5.6.25 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

PHP 7.1.0 Beta 3 Released

The PHP development team announces the immediate availability of PHP 7.1.0 Beta 3. This release is the last beta for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

For source downloads of PHP 7.1.0 Beta 3 please visit the download page, Windows sources and binaries can be found on windows.php.net/qa/.

The first release candidate will be released on the 1st of September. You can also read the full list of planned releases on our wiki.

Thank you for helping us make PHP better.

PHP 7.0.10 Released

The PHP development team announces the immediate availability of PHP 7.0.10. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

For source downloads of PHP 7.0.10 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

JVN: ReadyDesk に複数の脆弱性

ReadyDesk には、SQL インジェクション、ディレクトリトラバーサル、ハードコードされた暗号鍵および任意のファイルをアップロード可能な脆弱性が存在し、結果として、機微な情報が漏えいしたり、当該ソフトウェアの権限で任意のコードを実行されたりする可能性があります。続きを読む

JVN: プロキシサーバを使った通信を行うアプリケーションに中間者攻撃 (MITM) が可能な脆弱性

HTTP CONNECT リクエスト と HTTP 407 Proxy Authentication Required レスポンスは平文で通信されるため、中間者攻撃 (man-in-the-middle attack) を受ける可能性があります。さらに、WebKit を使って作成されたアプリケーションは、HTTPS リクエスト送信先ドメインのコンテキストで、任意のスクリプトを実行される可能性があります。続きを読む

ZendCon 2016

With over 250 million PHP applications and websites driven by a global community of more than 5 million active developers, ZendCon 2016 brings you a curated selection of the best experts, training, and networking opportunities to help you become a PHP authority.

In its 12th year, ZendCon offers authoritative sessions, in-depth technical tutorials, exhibit hall activities, and informal opportunities to spotlight the best in enterprise PHP development, the latest for PHP 7, and innovations on many open source technologies related to the web.

Experience web development with the very best to accelerate great PHP.

Register Now at http://www.zendcon.com/register-now

SunshinePHP 2017 CFP Started

We are happy to announce the CFP for SunshinePHP 2017 has launched at https://cfp.sunshinephp.com where we will accept talk submissions until September 30th, 2016.

SunshinePHP hit it's 5th year and will happen from February 2nd to 4th, 2017 in sunny Miami, Florida. As one of the largest community conferences in the U.S. there is no doubt the schedule will be amazing this year. We will have a full tutorial day featuring 3-hour sessions followed by 2 days of 1-hour talks and inspirational keynotes.

Ticket sales will start soon at SunshinePHP.com

Weekly Report: プロキシ自動設定ファイル (proxy.pac) を使用するブラウザに情報漏えいの脆弱性

プロキシ自動設定ファイル (proxy.pac) を使用するブラウザには情報漏えいの脆弱性があります。結果として、遠隔の第三者が、悪意ある proxy.pac ファイルを使用させることで、情報を取得する可能性があります。続きを読む

PHP 7.1.0 Beta 2 Released

The PHP development team announces the immediate availability of PHP 7.1.0 Beta 2. This release is the second beta for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

For source downloads of PHP 7.1.0 Beta 2 please visit the download page, Windows sources and binaries can be found on windows.php.net/qa/.

The third and last beta will be released on the 18th of August. You can also read the full list of planned releases on our wiki.

Thank you for helping us make PHP better.

JVN: Intel Crosswalk Project に SSL サーバ証明書の検証が行われなくなる脆弱性

Intel Crosswalk Project は、Android および iOS 向けのハイブリッドアプリを開発するためのフレームワークです。Crosswalk Project には、不正な SSL サーバ証明書をユーザが許可した際の処理に問題があり、アプリによるそれ以降の SSL サーバ証明書すべての検証が阻害される可能性があります。続きを読む