author | Dik Takken <d.h.j.takken@freedom.nl> | 2020-07-16 14:19:40 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-03 21:51:10 +0200 |
commit | 691a09f291a909cba8821ef16a447a5e615dee69 (patch) | |
tree | 0419088687170f2e22b1bd56b39cea705ed4e7eb /UPGRADING | |
parent | 44c7128fb726696a7c23ff694d1077cf0cf435d4 (diff) | |
download | php-git-691a09f291a909cba8821ef16a447a5e615dee69.tar.gz |

Bump libxml version requirement 2.7.6 => 2.9.0

Since libxml version 2.9.0 external entity loading is disabled by default.
Bumping the version requirement means that XML processing in PHP is no
longer vulnerable to XXE processing attacks by default.

Diffstat (limited to 'UPGRADING')
-rw-r--r-- | UPGRADING | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -984,6 +984,11 @@ PHP 8.0 UPGRADE NOTES - PDO: . PDOStatement now implements IteratorAggregate (instead of Traversable). +- LibXML: + . The minimum required libxml version is now 2.9.0. This means that external + entity loading is now guaranteed to be disabled by default, and no extra + steps need to be taken to protect against XXE attacks. + - MySQLi / PDO MySQL: . When mysqlnd is not used (which is the default and recommended option), the minimum supported libmysqlclient version is now 5.1. |
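
Review bot: In the added LibXML entry, the closing clause "no extra steps need to be taken to protect against XXE attacks" drops the "by default" qualifier that the preceding clause carries, so it reads as an unconditional guarantee. Suggest scoping it, for example "no extra steps need to be taken to protect against XXE attacks unless the application explicitly enables external entity loading", so readers do not conclude that code which opts in is also covered. The commit message already words it this way ("no longer vulnerable ... by default"), and the UPGRADING text should match it.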