Hi! The problem with ext/xmlrpc is that it relies on libxmlrpc-epi[1], which looks abandoned. Even worse, we're bundling a modified 0.51[2], while the latest version is 0.54.1[3]. This is exacerbated by the fact that the system library is usually build against libexpat, but the bundled library is likely to be build against libxml2 using our compat layer.
We most recently fixed two security issues[4], but it is likely not clear whether these may affect latest system libraries as well, and there are more issues. So unless a maintainer steps forward, it might be best to deprecate and/or unbundle ext/xmlrpc. Thoughts? [1] <https://sourceforge.net/projects/xmlrpc-epi/> [2] <https://github.com/php/php-src/blob/php-7.3.1/ext/xmlrpc/libxmlrpc/xmlrpc.h#L47> [3] <https://sourceforge.net/projects/xmlrpc-epi/files/xmlrpc-epi-base/> [4] <https://github.com/php/php-src/blob/php-7.3.1/NEWS#L89-L90> -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
