Though I forgot to write because of hooked on WOFF, I updated to PHP5.5.10 on Mar. 10.
According to ChangeLog, this includes the fixes for CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327.
The php.ini-production loses the next 31 lines. My server had nothing affected by them, though.
———————————————
; session.bug_compat_42
; Default Value: On
; Development Value: On
; Production Value: Off
———————————————
; session.bug_compat_warn
; Default Value: On
; Development Value: On
; Production Value: Off
———————————————
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope.
; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It’s
; recommended that you do not use this feature on production servers. But you
; should enable this on development servers and enable the warning as well. If you
; do not enable the feature on development servers, you won’t be warned when it’s
; used and debugging errors caused by this can be difficult to track down.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/session.bug-compat-42
session.bug_compat_42 = Off
———————————————
; This setting controls whether or not you are warned by PHP when initializing a
; session value into the global space. session.bug_compat_42 must be enabled before
; these warnings can be issued by PHP. See the directive above for more information.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/session.bug-compat-warn
session.bug_compat_warn = Off
———————————————
As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.9 files with all PHP5.5.10 files except my php.ini. Then, I restart my Apache. That’s it.
If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.
I use this opportunity to update to phpMyAdmin 4.1.9. If you need its configuration, see “phpMyAdmin 4.1.0 is released”.
The laptop mentioned previous article successfully became 24H2. The touchpad was risen because the battery…
I had a cheap laptop from Amazon and had used it to watch streaming programs…
The recipe for sweet potato yōkan that I often made this fall. Ingredients Sweet potato…
After a long time, when I checked broken links and fixed them, I got an…
I made a box, so I prepare the contents. Theme and Plugins. The theme is…
Hehe, it's been almost a year since my last post. I received a notification email…
This website uses cookies.