Re: [PHP-DEV] HashDoS

2016-09-15 Thread Thomas Hruska
On 9/15/2016 5:20 PM, Stanislav Malyshev wrote: Hi! On 9/15/16 11:48 AM, Scott Arciszewski wrote: Would the Internals team be open to discussing mitigating HashDoS in a future version of PHP? i.e. everywhere, even for json_decode() and friends, by fixing the problem rather than capping the maxi

[PHP-DEV] BAD Benchmark Results for PHP Master 2016-09-16

2016-09-15 Thread lp_benchmark_robot
Results for project PHP master, build date 2016-09-15 06:24:43+03:00 commit: 902e9ad previous commit:494c5dc revision date: 2016-09-15 03:07:31+03:00 environment:Haswell-EP cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] HashDoS

2016-09-15 Thread Stanislav Malyshev
Hi! On 9/15/16 11:48 AM, Scott Arciszewski wrote: > Would the Internals team be open to discussing mitigating HashDoS in a > future version of PHP? i.e. everywhere, even for json_decode() and friends, > by fixing the problem rather than capping the maximum number of input > parameters and hoping i

Re: [PHP-DEV] HashDoS

2016-09-15 Thread Yasuo Ohgaki
Hi Nikita, On Fri, Sep 16, 2016 at 3:56 AM, Nikita Popov wrote: > > Previous discussion on the topic: > http://markmail.org/message/ttbgcvdu4f7uymfb Your proposal is mandatory, IMHO. Let's implement it ASAP. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Developme

Re: [PHP-DEV] RFC - Immutable classes

2016-09-15 Thread Fleshgrinder
On 9/14/2016 7:25 PM, Mathieu Rochette wrote: > yeah the example is not that great, I'll usually want to clone to > avoid calling a constructor with to many parameters (or a constructor > doing too many things not needed here) > That's exactly the reason why we want the _clone_ modifier. :) On 9

Re: [PHP-DEV] HashDoS

2016-09-15 Thread Nikita Popov
On Thu, Sep 15, 2016 at 8:48 PM, Scott Arciszewski wrote: > Would the Internals team be open to discussing mitigating HashDoS in a > future version of PHP? i.e. everywhere, even for json_decode() and friends, > by fixing the problem rather than capping the maximum number of input > parameters and

[PHP-DEV] HashDoS

2016-09-15 Thread Scott Arciszewski
Would the Internals team be open to discussing mitigating HashDoS in a future version of PHP? i.e. everywhere, even for json_decode() and friends, by fixing the problem rather than capping the maximum number of input parameters and hoping it's good enough. I'd propose SipHash (and/or a derivative)

[PHP-DEV] PHP 7.0.11 is available

2016-09-15 Thread Anatol Belski
Hi, The PHP development team announces the immediate availability of PHP 7.0.11. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version. For source downloads of PHP 7.0.11 please visit our downloads page: http://w