[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#398437: Please add notice about PHP register_globals not security supported

Package: release-notes


I propose to add this text:

Starting with this release, the Debian security team does not provide
security support for a number of PHP configurations which are known to
be insecure. Most importantly, issues that make use of the
register_globals setting being turned on are not addressed. This setting
is known to be insecure and has defaulted to off for many years. If you
run legacy applications that require it, enable register_globals for the
respective paths only, e.g. through the Apache configuration file. More
information is available in the README.Debian.security file in the PHP
documentation directory (/usr/share/doc/php{4,5}).


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: