author Stanislav Malyshev <stas@php.net> 2013-08-04 20:04:42 -0700
committer Stanislav Malyshev <stas@php.net> 2013-08-04 20:06:48 -0700
commit e59143e8966c0b6aa07ca72b6ad27f64baad0a01
tree f33698471cad15a499a375e9c05b92247223f42f
parent 6f73a0c00f0577313897e455f6fd729cfaa97f3b
add news about session fix
-rw-r--r-- NEWS 7
-rwxr-xr-x UPGRADING 5
2 files changed, 12 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 82d4ca1572..c01b43ed7b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? ??? 2013, PHP 5.5.3
+
+- Sessions:
+ . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
+ which protects against session fixation attacks and session collisions.
+ (Yasuo Ohgaki)
+
?? ??? 2013, PHP 5.5.2
- Core:
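Review bot: The 5.5.3 Sessions entry names the RFC but not the setting that controls it, so a reader scanning NEWS cannot tell that the protection depends on session.use_strict_mode, the directive this same commit documents in UPGRADING. Suggest adding the directive name to the entry and stating whether it is enabled by default, since "protects against session fixation attacks and session collisions" reads as unconditional.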
diff --git a/UPGRADING b/UPGRADING
index 14e19aa583..4985665a0f 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -412,6 +412,11 @@ None
ext/mysqli to be used with the new auth protocol, although at
coarser level.
+- Sessions:
+ - Added session.use_strict_mode in 5.5.3, which prevents session
+ fixation attacks and session collisions.
+ See also https://wiki.php.net/rfc/strict_sessions
+
- Zend OPcache (See http://php.net/manual/en/book.opcache.php)
- Added the following directives:
- opcache.enable (default "1")
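Review bot: The session.use_strict_mode entry gives no default value, while the opcache directives listed directly below it do, as in opcache.enable (default "1"). Suggest adding the default in the same form and saying that the fixation and collision protection applies only when the directive is enabled. The wording also differs between the two files ("prevents" here, "protects against" in NEWS); pick one so the two entries make the same claim.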