[wp-trac] [WordPress Trac] #47219: Site Health Check: handing out false security information about PHP versions

WordPress Trac noreply at wordpress.org
Fri May 10 20:31:03 UTC 2019


#47219: Site Health Check: handing out false security information about PHP
versions
----------------------------+----------------------
 Reporter:  DavidAnderson   |       Owner:  (none)
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:  5.2
 Severity:  normal          |  Resolution:  invalid
 Keywords:                  |     Focuses:
----------------------------+----------------------
Changes (by johnbillion):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Comment:

 It's a generalisation. It usually holds true in one way or another. For
 7.3 specifically:

 1. The `setcookie()` and `session_set_cookie_params()` functions now allow
 the `samesite` flag to be set, which enables applications built on it to
 be more secure.
 2. The `min_proto_version` and `max_proto_version` options for TLS streams
 reduce the chance of unintentional usage of insecure protocols in streams.
 3. The improvements to `xml_set_external_entity_ref_handler()` unify
 handling of XML external entities which IMO has a good chance of improving
 security when external entities are sanitised.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47219#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
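
Items 1 and 2 of the comment above, shown as an added example; it is not code from the ticket or from WordPress core. The cookie name and value and the helper function names are constructed for illustration.

```php
<?php
// Added illustration: the PHP 7.3 cookie and TLS stream options named in the comment.
declare(strict_types=1);

if (PHP_VERSION_ID < 70300) {
    // Before 7.3 neither the options-array form nor min_proto_version exists.
    exit("PHP 7.3 or later is required for these options\n");
}

// Hypothetical helper: options for the array form of setcookie().
function hardened_cookie_options(int $lifetime): array
{
    return [
        'expires'  => time() + $lifetime,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from document.cookie
        'samesite' => 'Lax',  // withheld from cross-site subrequests and POSTs
    ];
}

// Hypothetical helper: a stream context that refuses anything below TLS 1.2.
function tls_floor_context()
{
    return stream_context_create([
        'ssl' => [
            'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_2,
            'verify_peer'       => true,
            'verify_peer_name'  => true,
        ],
    ]);
}

// 1. samesite on an ordinary cookie and on the session cookie.
//    Both calls must run before any output and before session_start().
setcookie('example_pref', 'dark', hardened_cookie_options(3600));
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);

// 2. The context is passed to stream_socket_client(), fopen() and similar;
//    here it is only inspected, so the example runs offline.
$ssl = stream_context_get_options(tls_floor_context())['ssl'];
printf("TLS 1.2 floor set: %s\n",
    $ssl['min_proto_version'] === STREAM_CRYPTO_PROTO_TLSv1_2 ? 'yes' : 'no');
```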

