Newsgroups: php.internals
Date: Fri, 13 Sep 2024 16:13:49 +0200
From: etkaar@akayo.eu ("etkaar")
Subject: [PHP-DEV] [GitHub #7913] Vulnerability due to insecure default values for session.cookie_secure and session.cookie_httponly
Message-ID: <64a80dtdj.EU2uYf@akayo.eu>

Hi!

I've created this issue in January 2022 but it seems it wasn't noticed yet (since you probably do watch the mailing lists more than GitHub):
https://github.com/php/php-src/issues/7913

Kind Regards,
etkaar