Early Bird Ticket Sale for PHPConf.Asia 2016

PHPConf.Asia 2016 is happening in Singapore on 22-24 August 2016. Tutorial Day on 22 Aug. 2 day single track conference on 23 and 24 August.

Keynote Speakers: Davey Shafik (@dshafik) and Samantha Quiñones (@ieatkillerbees)

Early …

PHP 5.6.24 is released

The PHP development team announces the immediate availability of PHP
5.6.24. This is a security release. Several security bugs were fixed in
this release.

All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.5.38 is released

The PHP development team announces the immediate availability of PHP 5.5.38. This is a security release that fixes
some security related bugs.

All PHP 5.5 users are encouraged to upgrade to this version.

For source d…

PHP 7.0.9 Released

The PHP development team announces the immediate availability of PHP
7.0.9. This is a security release. Several security bugs were fixed in
this release, including the HTTP_PROXY issue.

All PHP 7.0 users are encouraged t…

PHP 7.1.0 Beta 1 Released

The PHP development team announces the immediate availability of PHP 7.1.0 Beta 1. This release is the first beta for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in…

JVN: CGI ウェブサーバがヘッダ Proxy の値を環境変数 HTTP_PROXY に設定する脆弱性

CGI または類似のコンテキストで動作しているウェブサーバには、クライアントが指定したヘッダ Proxy の値を内部の環境変数 HTTP_PROXY に登録してしまう脆弱性が存在します。この脆弱性によって、内部のサブリクエストに中間者攻撃 (man-in-the-middle attack) を受けたり、サーバを任意のホストに接続させられたりする可能性があります。