Comments (8)
aidantwoods
commented on May 21, 2024
2
Unfortunately PHP 5.4 won't be maintained till then (it is not maintained
currently, or even recently). As said previous, having dead (and unsafe)
software on LTS an issue for Ubuntu to work out for themselves. If you're
using LTS with PHP 5.4 you should update PHP to a sane version 😉
(This'll probably work:
https://gist.github.com/aidantwoods/bb26af07588c7fa6c68be237a1caf22c, only
tested on Kali – still Debian though).
If any environment is running PHP 5.4 (or EOL software in general) without
a plan for updates, that's a huge red flag that you have more import issues
to solve than HTTP headers.
…On Thu, 3 Aug 2017 at 10:10, Jens Hausdorf ***@***.***> wrote:
Once they started shipped it, it was the newest php version. And it is
maintained until the mid of 2019.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#62 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADIvODJUUf-rvVilCCiScNS-ibZ86BRJks5sUY52gaJpZM4OrxmK>
.
from secureheaders.
franzliedke
commented on May 21, 2024
1
To be fair, using PHP 5.4 should be considered a security risk as well.
from secureheaders.
jens1o
commented on May 21, 2024
I would not drop support for PHP 5.4, since the latest Ubuntu LTS version is served with that version. Then, you may not be able to use this library when you want things to be secure now.
from secureheaders.
jens1o
commented on May 21, 2024
Well, it's that old, that hackers don't care about this (ancient) version. 😝
from secureheaders.
aidantwoods
commented on May 21, 2024
I would not drop support for PHP 5.4, since the latest Ubuntu LTS version is served with that version. Then, you may not be able to use this library when you want things to be secure now.
If Ubuntu LTS is shipping with dead software then that's their problem to fix 😉
I've provided availability of this library for old versions, but it would be irresponsible to continue to support a security library on a software platform that can't hope to be secure itself (because it will never be updated).
As said this is a future goal (with no date as of yet), so no immediate drop of support. If it matters to you, please push relevant providers to use non EOL software before that future becomes present :)
from secureheaders.
jens1o
commented on May 21, 2024
If Ubuntu LTS is shipping with dead software then that's their problem to fix 😉
Well, LTS version aren't provide up2date software, but only security release by definition.
from secureheaders.
aidantwoods
commented on May 21, 2024
Ironic that they're shipping software that won't receive any security
updates then, isn't it? 😉
…On Thu, 3 Aug 2017 at 09:53, Jens Hausdorf ***@***.***> wrote:
If Ubuntu LTS is shipping with dead software then that's their problem to
fix 😉
Well, LTS version aren't provide up2date software, but only security
release by definition.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#62 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADIvOGluSRCGzt1gtERGCiLDqZpdnevhks5sUYqPgaJpZM4OrxmK>
.
from secureheaders.
jens1o
commented on May 21, 2024
Once they started shipped it, it was the newest php version. And it is maintained until the mid of 2019.
from secureheaders.
Related Issues (20)
- 2.0 Planned Changes HOT 19
- 2.0: removeCookies() has no effect HOT 4
- Proposal: Move most documentation to PhpDoc blocks HOT 14
- Discuss finally releasing 2.0 HOT 2
- Increase Test Coverage
- [2.0] Readme is out of date
- `strict-origin-when-cross-origin` doesn't seem to be supported by Chrome HOT 4
- allow method chaining HOT 13
- Report missing CSP directives
- `'strict-dynamic'` isn't injected into CSP Report-Only
- More intuitive config
- Throw exceptions instead of user warnings/errors HOT 6
- Auto protected session cookie HOT 5
- Conditional Intent to Deprecate and Remove: Public Key Pinning
- Increase test coverage
- Add hashes and nonces as friendly directive HOT 2
- Option to manually disable warnings HOT 4
- Don't warn for 'unsafe-inline' if hash or nonce present in applicable directive
- Rethink cookie upgrades HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secureheaders.