com php-src: add news about session fix: NEWS UPGRADING

From: Date: Mon, 05 Aug 2013 03:04:42 +0000
Subject: com php-src: add news about session fix: NEWS UPGRADING
Groups: php.cvs 
Request: Send a blank email to [email protected] to get a copy of this message 
Commit:    169b78eb79b0e080b67f9798708eb3771c6d0b2f
Author:    Stanislav Malyshev <[email protected]>         Sun, 4 Aug 2013 20:04:42 -0700
Parents:   6f73a0c00f0577313897e455f6fd729cfaa97f3b
Branches:  master

Link:       http://git.php.net/?p=php-src.git;a=commitdiff;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f

Log:
add news about session fix

Changed paths:
  M  NEWS
  M  UPGRADING


Diff:
diff --git a/NEWS b/NEWS
index 82d4ca1..d275185 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,11 @@ PHP                                                                        NEWS
   . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for 
     some specific contents). (Stas)
 
+- Sessions:
+  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
+    which protects against session fixation attacks and session collisions.    
+    (Yasuo Ohgaki)
+
 - SOAP:
   . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
 
diff --git a/UPGRADING b/UPGRADING
index 14e19aa..024a560 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -412,6 +412,11 @@ None
     ext/mysqli to be used with the new auth protocol, although at
     coarser level.
 
+- Sessions:
+  - Added session.use_strict_mode in 5.5.2, which prevents session
+    fixation attacks and session collisions. 
+    See also https://wiki.php.net/rfc/strict_sessions
+
 - Zend OPcache (See http://php.net/manual/en/book.opcache.php)
   - Added the following directives:
     - opcache.enable (default "1")

Thread (1 message)

  • Stanislav Malyshev
« previous php.cvs (#72831) next »