Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:111278
Return-Path: <kontakt@beberlei.de>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 19472 invoked from network); 31 Jul 2020 16:55:53 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 31 Jul 2020 16:55:53 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 850B6180537
	for <internals@lists.php.net>; Fri, 31 Jul 2020 08:52:27 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <kontakt@beberlei.de>
Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 31 Jul 2020 08:52:26 -0700 (PDT)
Received: by mail-wr1-f44.google.com with SMTP id 88so28410397wrh.3
        for <internals@lists.php.net>; Fri, 31 Jul 2020 08:52:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=beberlei-de.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=wiDSdtWoai6FtuIKV/sqXIkunevk60B0EyQfPGFCOMQ=;
        b=XuSKSQRqO5bLsp/jesFpphEmE9P+rC9bv4SYhgXvMW03u1nCo7o59oMeI7AKCqhspq
         tB/Q5okddzHSiwiUAN423ZBSfGlgg4eAqCy7gztz0f3+XNZb8hNEvbDCt8ijkagMs1nK
         nlVU92AGd+on+Ew1EslU/qXEWi2IJoDcZC9sJAkucNGjgAhJsyRaGv4OfqY25xmFQ63g
         mInP7wb8lJVqxFfHMhi9tG2I5LdiSK0sNK0N9R3xvvNzxosSUlZyBKgxOGD4jEDiBirk
         lwmN37O7+uoM0pEqOXvKBrdx67DePyQWTlFE+uwEkMsm7CAeziOz+H9qPCJSCa4Um2Kk
         SwPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=wiDSdtWoai6FtuIKV/sqXIkunevk60B0EyQfPGFCOMQ=;
        b=I5gYLczeYImDEJNDvCRgklbfTK0ZbrUScP8Q3MBuVDJx0Uo06HTVP4J+z4diyNbV/0
         lGecS8LKQ0F0JfA0MebFR30qBTLwsjUs1LxSuQQPqQ/P/vFkUIOua6PgorNSyYtbJyOx
         1qYwRYXhDbxJiHLsed8su3pCskLqsmxy8oUN2nXOTZHbbKgOi0Yg8jyScd/Kvr9ddFE1
         cJsp6HfyYD+qZyo62AvOHpqmwOfwMCMLRxPap4iJ6uxbq7Qvr5dqf8vA/eyxblqTWrMh
         frXHkoL9zffoUZnhdqPtKO52lqaYEsMgYK/jsWxml/2VF2QxUB5g8Y6+DMtQzlGTDn9D
         2pfg==
X-Gm-Message-State: AOAM533akKRqt5edmv4D4kJ/RWDsMvzlhei5V/dOcvnqv/wz8zX/08e5
	0e3hFnRuyKWcuDlWNOvZWBHrAad040dQKK0FU9xIbQ==
X-Google-Smtp-Source: ABdhPJwnqq9UJ/xF8ZFf74uBlQdf9r3tmR7xNsiSD+0EOeMp7DhIgHRJEmXYbzyNWtYFP+5Pfr9KcQAw0Qz/TF01YrI=
X-Received: by 2002:adf:dcc8:: with SMTP id x8mr4327333wrm.16.1596210743437;
 Fri, 31 Jul 2020 08:52:23 -0700 (PDT)
MIME-Version: 1.0
References: <4378c303-f79d-219c-620b-45c6a45e2101@freedom.nl>
In-Reply-To: <4378c303-f79d-219c-620b-45c6a45e2101@freedom.nl>
Date: Fri, 31 Jul 2020 17:52:12 +0200
Message-ID: <CAEPJdu=unnszKm6QDgjgsgm_1f4T3RcyCLq2d21gfoHz-xRaHw@mail.gmail.com>
To: Dik Takken <d.h.j.takken@freedom.nl>
Cc: PHP Development <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000005983a705abbec657"
Subject: Re: [PHP-DEV] PR: Bump libxml version, deprecate libxml_disable_entity_loader()
From: kontakt@beberlei.de (Benjamin Eberlei)

--0000000000005983a705abbec657
Content-Type: text/plain; charset="UTF-8"

Hi Dik,

your e-mail has likely been going to spam for many subscribers of the
mailing list, I have just seen it after reading Nikitas comment on the PR.

https://github.com/php/php-src/pull/5867

I am all for this and wanted to bump the thread to the list so that
everyone can see this as well.

Are there objections from anyone from merging this on Monday?

greetings
Benjamin

On Thu, Jul 16, 2020 at 5:48 PM Dik Takken <d.h.j.takken@freedom.nl> wrote:

> Hi internals,
>
> I prepared a PR which aims to properly fix a long standing problem
> related to secure XML processing in PHP.
>
> In short, it bumps the minimum required version of libxml and it
> deprecates the libxml_disable_entity_loader() function.
>
> You can find the details in the PR:
>
> https://github.com/php/php-src/pull/5867
>
> Please have a look.
>
> Thanks,
>
> Dik Takken
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>

--0000000000005983a705abbec657--