Package: release-notes Hi, I propose to add this text: ======== Starting with this release, the Debian security team does not provide security support for a number of PHP configurations which are known to be insecure. Most importantly, issues that make use of the register_globals setting being turned on are not addressed. This setting is known to be insecure and has defaulted to off for many years. If you run legacy applications that require it, enable register_globals for the respective paths only, e.g. through the Apache configuration file. More information is available in the README.Debian.security file in the PHP documentation directory (/usr/share/doc/php{4,5}). ======== Thijs
Attachment:
signature.asc
Description: This is a digitally signed message part