PR: Bump libxml version, deprecate libxml_disable_entity_loader()

  111052
July 16, 2020 15:48 d.h.j.takken@freedom.nl (Dik Takken)
Hi internals,

I prepared a PR which aims to properly fix a long standing problem
related to secure XML processing in PHP.

In short, it bumps the minimum required version of libxml and it
deprecates the libxml_disable_entity_loader() function.

You can find the details in the PR:

https://github.com/php/php-src/pull/5867

Please have a look.

Thanks,

Dik Takken
  111278
July 31, 2020 15:52 kontakt@beberlei.de (Benjamin Eberlei)
Hi Dik,

your e-mail has likely been going to spam for many subscribers of the
mailing list, I have just seen it after reading Nikitas comment on the PR.

https://github.com/php/php-src/pull/5867

I am all for this and wanted to bump the thread to the list so that
everyone can see this as well.

Are there objections from anyone from merging this on Monday?

greetings
Benjamin

On Thu, Jul 16, 2020 at 5:48 PM Dik Takken takken@freedom.nl> wrote:

> Hi internals, > > I prepared a PR which aims to properly fix a long standing problem > related to secure XML processing in PHP. > > In short, it bumps the minimum required version of libxml and it > deprecates the libxml_disable_entity_loader() function. > > You can find the details in the PR: > > https://github.com/php/php-src/pull/5867 > > Please have a look. > > Thanks, > > Dik Takken > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >