
Re: Possible release note for systems running PHP through CGI.



On Sun, 2012-08-19 at 22:32 +0200, Marco d'Itri wrote:
> I am also concerned that a *simple* solution to restore the old 
> behaviour in a secure way is not provided: maybe php5-cgi should install 
> a sensible default configuration in /etc/apache2/conf.d/ ?
Again, I don't think this saves us from the current need for a NEWS file
and release notes entry, but...

I've opened #685340, proposing:

a) a single php config file for Apache, that enables the MIME-Types (or
handlers)

b) but that does _not_ enable (Action and ScriptAlias directives) PHP
globally on the server.
I think this is unclean and not the best with regards to security.
Also, not every possible vhost needs the mapping to /cgi-bin/.

The goal should be that sysadmins (or package maintainers) set the
Action and ScriptAlias directives in their config snippets...
But this is definitely something for jessie.


Cheers,
Chris.
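
The split proposed in (a) and (b) above, sketched as an added Apache configuration example; it is not part of the original message or of the php5-cgi package. The file names, the vhost names and the /usr/lib/cgi-bin/php5 path are assumptions.

```apache
# --- /etc/apache2/conf.d/php5-cgi.conf (hypothetical file name) ---
# (a) Server-wide: only declare the handler mapping for .php files.
<IfModule mod_mime.c>
    AddHandler application/x-httpd-php .php
</IfModule>
# (b) Deliberately absent at server level: no Action and no ScriptAlias,
#     so no vhost runs PHP through CGI unless it opts in itself.

# --- /etc/apache2/sites-available/app.example.org (constructed vhost) ---
<VirtualHost *:80>
    ServerName app.example.org
    DocumentRoot /var/www/app.example.org

    # Opt-in for this vhost only (needs mod_actions and a CGI module).
    # The interpreter path is an assumption; adjust to the local install.
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    Action application/x-httpd-php /cgi-bin/php5
</VirtualHost>

# --- /etc/apache2/sites-available/static.example.org (constructed vhost) ---
<VirtualHost *:80>
    ServerName static.example.org
    DocumentRoot /var/www/static.example.org

    # No Action, no ScriptAlias: this vhost has no /cgi-bin/ mapping
    # and never hands requests to the PHP CGI binary.
</VirtualHost>
```

In a vhost that has not opted in, the handler name has nothing behind it, so .php files there are not executed; check that such document roots do not contain PHP source you would not want served as plain files.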
