[wp-trac] [WordPress Trac] #47219: Site Health Check: handing out false security information about PHP versions
WordPress Trac
noreply at wordpress.org
Fri May 10 20:31:03 UTC 2019
#47219: Site Health Check: handing out false security information about PHP
versions
----------------------------+----------------------
 Reporter:  DavidAnderson   |       Owner:  (none)
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:  5.2
 Severity:  normal          |  Resolution:  invalid
 Keywords:                  |     Focuses:
----------------------------+----------------------
Changes (by johnbillion):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>

Comment:

 It's a generalisation. It usually holds true in one way or another. For
 7.3 specifically:

 1. The `setcookie()` and `session_set_cookie_params()` functions now allow
    the `samesite` flag to be set, which enables applications built on it to
    be more secure.
 2. The `min_proto_version` and `max_proto_version` options for TLS streams
    reduce the chance of unintentional usage of insecure protocols in streams.
 3. The improvements to `xml_set_external_entity_ref_handler()` unify
    handling of XML external entities which IMO has a good chance of improving
    security when external entities are sanitised.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/47219#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
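
The first two PHP 7.3 items in the comment above, as an added example that is not part of the original message or of WordPress core. The function names and the cookie attributes chosen are assumptions for illustration, and the pre-7.3 fallback goes beyond what the comment describes to show what the new `samesite` option replaces.

```php
<?php
// Added example: the example_* helpers are hypothetical, not WordPress APIs.

/** Set a cookie with SameSite on any PHP version; returns false if it cannot be sent. */
function example_set_cookie(string $name, string $value, int $ttl, string $samesite = 'Lax'): bool
{
    if (!in_array($samesite, ['Lax', 'Strict', 'None'], true)) {
        throw new InvalidArgumentException('Unexpected SameSite value');
    }
    // Restrict the name to a conservative character set before it reaches a header.
    if (!preg_match('/^[A-Za-z0-9_.-]+$/', $name)) {
        throw new InvalidArgumentException('Unexpected cookie name');
    }
    $expires = time() + $ttl;

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: the options array accepts 'samesite' directly.
        return setcookie($name, $value, [
            'expires'  => $expires,
            'path'     => '/',
            'secure'   => true,
            'httponly' => true,
            'samesite' => $samesite,
        ]);
    }

    // Before 7.3 setcookie() has no samesite parameter, so the header is built by hand.
    if (headers_sent()) {
        return false;
    }
    header(sprintf(
        'Set-Cookie: %s=%s; Expires=%s; Path=/; Secure; HttpOnly; SameSite=%s',
        $name,
        rawurlencode($value),
        gmdate('D, d M Y H:i:s \G\M\T', $expires),
        $samesite
    ), false);
    return true;
}

/** Stream context for PHP 7.3+ that will not negotiate below TLS 1.2. */
function example_tls_context()
{
    return stream_context_create(['ssl' => [
        'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_2,
        'verify_peer'       => true,
        'verify_peer_name'  => true,
    ]]);
}
```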