Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:111052 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 33666 invoked from network); 16 Jul 2020 16:55:36 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 16 Jul 2020 16:55:36 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 64B36180570 for ; Thu, 16 Jul 2020 08:48:33 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from outbound.soverin.net (outbound.soverin.net [116.202.65.215]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 16 Jul 2020 08:48:31 -0700 (PDT) Received: from smtp.freedom.nl (unknown [10.10.3.36]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 0ACBE60165 for ; Thu, 16 Jul 2020 15:48:29 +0000 (UTC) Received: from smtp.freedom.nl (smtp.freedom.nl [116.202.65.211]) by soverin.net DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=freedom.nl; s=default; t=1594914508; bh=K/Yt4S8GAiBO+yXItT4cWusM1UTPR95Ld0zL36XTsro=; h=To:From:Subject:Date:From; b=b1ueu1huGLLN3vKuwvDWMsn27xghXkpDtIAMQjx78EVUortZfT8ckysFs7mi9nTjG osy3jXX3ZWw7YVc5UIjFjEA6gYux1LnOqYXETUrRSddQBOAm+qGdDh2Bw4uOt1irHi n45AbH6ME0bjDG0BubThSXwlfBTShZmPiCpOH8ik= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=freedom.nl; s=default; t=1594914509; bh=K/Yt4S8GAiBO+yXItT4cWusM1UTPR95Ld0zL36XTsro=; h=To:From:Subject:Date:From; b=xtnKuJ/vlkL8FYuva2rNQzOadL1Utl2pJlXoRmwmjM26zcCIFkckKpybf/6xoTfLa blEirERTJgAonOgWRTFKFxSwDPXMu8FhgV0hrRZi9ZBkQDuxd3BfbasC76spVj3WMP ldSaUDm4jDBqrMsu05Z1hFO4989IgJll1cW7FMU4= To: PHP Development Autocrypt: addr=d.h.j.takken@freedom.nl; keydata= xjMEXimHTRYJKwYBBAHaRw8BAQdAzvRUI24yOGvteVk9N6VKIt425fNgg0P1rvD2WQLGP+fN JERpayBUYWtrZW4gPGQuaC5qLnRha2tlbkBmcmVlZG9tLm5sPsKtBBMWCAA+FiEEvtrj9qG2 TA2YmjvLhef0X6cSlpAFAl4ph00CGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA IQkQhef0X6cSlpAWIQS+2uP2obZMDZiaO8uF5/RfpxKWkPywAQChh9Z1jSvitkT3sIipwMlk dnUlYY5Ue3lHBBhF6pQUOwD/XtEz/fsjvqE/GpjJhXpxNodwKjLhaUiFe9qRwwH/5QXOOARe KYdNEgorBgEEAZdVAQUBAQdAMNSCUI0PnOjjrFKZDAFRQzKLVDCINuFNgsXh0snmlUwDAQgH wpUEGBYIACYWIQS+2uP2obZMDZiaO8uF5/RfpxKWkAUCXimHTQIbDAUJCWYBgAAhCRCF5/Rf pxKWkBYhBL7a4/ahtkwNmJo7y4Xn9F+nEpaQEYUA/2mZ3uEN0JTRUZbxHGBMB4IhQw0cdIML FpFrTycqUCXCAQD5rWXomBWVD/DRHk7O3KjNsek9F1DEZgGeZ5pPmNF/Dg== Message-ID: <4378c303-f79d-219c-620b-45c6a45e2101@freedom.nl> Date: Thu, 16 Jul 2020 17:48:28 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US X-Virus-Scanned: clamav-milter 0.102.3 at c03mi01 X-Virus-Status: Clean Content-Transfer-Encoding: 7bit Subject: PR: Bump libxml version, deprecate libxml_disable_entity_loader() From: d.h.j.takken@freedom.nl (Dik Takken) Hi internals, I prepared a PR which aims to properly fix a long standing problem related to secure XML processing in PHP. In short, it bumps the minimum required version of libxml and it deprecates the libxml_disable_entity_loader() function. You can find the details in the PR: https://github.com/php/php-src/pull/5867 Please have a look. Thanks, Dik Takken