On 14 Sep 2022, at 20:55, Tim Düsterhus wrote:
> As indicated by the phrasing in my previous email, this knowledge does not
> enable an attacker to do anything that they wouldn't be able to do otherwise.
One possibility... when you say the attacker is able to "not send all the
fields", would t
> On Sep 16, 2022, at 20:27, Mark Tomlin wrote:
>
> To the release managers of PHP, please make sure that you do not overwrite
> the php.ini file. Making the php.ini.defaults file in the */usr/local/lib*
> is fine, but overwriting it when running *make install* is going to break
> some setups. T
