Please make sure these security fixes are included: fileinfo: Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
gd: Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) Thanks, Kaplan On Mon, Aug 18, 2014 at 5:46 PM, Ferenc Kovacs <tyr...@gmail.com> wrote: > On Sun, Aug 17, 2014 at 11:25 AM, Ferenc Kovacs <tyr...@gmail.com> wrote: > > > Hi, > > > > I'm planning to release 5.6.0 from RC4 if nothing serious comes up, so > > this is just a heads-up: if you think that there is some fix, which > should > > make into the 5.6.0 final (which isn't in RC4) or if you think that there > > is some blocker issue which should be solved before the 5.6.0 final > > release, please drop me an email just to be sure. > > > > Thanks! > > > > -- > > Ferenc Kovács > > @Tyr43l - http://tyrael.hu > > > > Hi, > > just to clarify: > if no blocker issue is reported from php-5.6.0RC4, then we won't have > another RC, but php-5.6.0 (final) will be tagged using PHP-5.6.0RC4 as it > base, and maybe some commits cherry-picked (security fixes for example, or > changes with low impact like NEWS/UPGRADING/test fixes) on top of it. > so commits in the PHP-5.6 branch after the RC4 tagging won't be in the > final by default, only if you can convince me that we need that. > > -- > Ferenc Kovács > @Tyr43l - http://tyrael.hu >
