[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: php 4.3.7 request
Stardate [040606 23:00]. Jonathan Weiss of Borg wrote:
> X-Original-To: robert@localhost
> X-Authenticated: #10211679
> Subject: Re: php 4.3.7 request
> From: Jonathan Weiss <tomonage3@gmx.de>
> To: Robert Nagy <robert@openbsd.org>, van Helsing <vh@helith.net>
> Cc: <ports@openbsd.org>
>
> > Stardate [040606 21:50]. van Helsing of Borg wrote:
> >> From: van Helsing <vh@helith.net>
> >> To: Anil Madhavapeddy <anil@recoil.org>
> >> Cc: ports@openbsd.org
> >> Subject: Re: php 4.3.7 request
> >> Organization: Helith Network
> >> X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72
> >> on informant.helith.net
> >> X-Virus-Status: Clean
> >>
> >> On Sun, 6 Jun 2004 19:23:42 +0100
> >> Anil Madhavapeddy <anil@recoil.org> wrote:
> >>
> >> Thank you for the information. :)
> >> But is it a good choice to run -current ports on a -stable OS?
> >> I thought 4.3.7 could be declared as 'patch' of the 4.3.5RC3 becourse
> >> it's just a patch release with no new feautures and so it could be part
> >> of the -stable ports/packages.
> > Why? Is there any security or reliability problem with 3.4.5RC3? Only
> > security & reliability fixes go to stable.
>
> php.net says:
> ------------------------
> PHP 4.3.7. This is a maintenance release that in addition to several
> non-critical bug fixes, addresses an input validation vulnerability in
> escapeshellcmd() and escapeshellarg() functions on the Windows platform.
> Users of PHP on Windows are encouraged to upgrade to this release as soon
> as possible.
>
> All in all this release fixes over 30 bugs that have been discovered and
> resolved since the 4.3.6 release. For a full list of changes in PHP 4.3.7,
> see the ChangeLog.
> ------------------------
>
> AFAIK 4.3.6 and 4.3.7 are only bugfix-releases.
>
> Jonathan
I will have a look at the changelog. But i doubt that it worth to
update the port in stable.
--
Robert Nagy