On Fri, Jan 15, 2016 at 1:32 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi Julien, > > On Fri, Jan 15, 2016 at 9:10 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: >> >> On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev <smalys...@gmail.com> >> wrote: >>> >>>> However, previous my fix (Raise warning and return false) was wrong fix. >>>> Therefore, I would like to correct (Provide new session ID and continue) >>>> it in 5.5 also. Does this make sense? >>> >>> Yes, but nit sure if it's for 5.5. It's for Julian to decide, >>> ultimately, but it doesn't look like 5.5 has a security issue right now >>> with it? Or am I wrong? >> >> No. It does not have security bug, but has wrong fix for the security bug. > > I'll commit the fix from PHP 5.6. If you think this should be included for > PHP 5.5, please cherry pick. I prefer to have this in PHP 5.5, but it's > not mandatory. > > Regards, > > -- > Yasuo Ohgaki > yohg...@ohgaki.net
Hi, I will cherry pick it for 5.5 , as it is a fix for a security fix. Is it bfb9307b2d679a91e138fd876880470ece60942b ? Julien.Pauli -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
