
Stefan Esser's Blog:
Watching the PHP CVS
May 10, 2007 @ 15:57:00

In a new post on the PHP Security blog today, Stefan Esser has a recommendation for developers who want the most recent protection for their applications: watch the PHP CVS.

One of the worst things in PHP security is the fact that vulnerabilities in PHP are usually patched in the CVS and then wait for months until they are disclosed to the public. Time enough for everyone to grab the fixes from CVS and develop exploits for the vulnerabilities. Therefore PHP vulnerabilities are usually already known to the bad guys for weeks or months when a new PHP version comes out and the public is notified about the vulnerability.

He also notes that some issues are not represented in the materials that go out with each release. One he mentions specifically involves this bug.


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework