Comments (8)
from secureheaders.
To be fair, using PHP 5.4 should be considered a security risk as well.
from secureheaders.
I would not drop support for PHP 5.4, since the latest Ubuntu LTS version is served with that version. Then, you may not be able to use this library when you want things to be secure now.
from secureheaders.
Well, it's that old, that hackers don't care about this (ancient) version. 😝
from secureheaders.
I would not drop support for PHP 5.4, since the latest Ubuntu LTS version is served with that version. Then, you may not be able to use this library when you want things to be secure now.
If Ubuntu LTS is shipping with dead software then that's their problem to fix 😉
I've provided availability of this library for old versions, but it would be irresponsible to continue to support a security library on a software platform that can't hope to be secure itself (because it will never be updated).
As said this is a future goal (with no date as of yet), so no immediate drop of support. If it matters to you, please push relevant providers to use non EOL software before that future becomes present :)
from secureheaders.
If Ubuntu LTS is shipping with dead software then that's their problem to fix 😉
Well, LTS version aren't provide up2date software, but only security release by definition.
from secureheaders.
from secureheaders.
Once they started shipped it, it was the newest php version. And it is maintained until the mid of 2019.
from secureheaders.
Related Issues (20)
- 2.0 Planned Changes HOT 19
- 2.0: removeCookies() has no effect HOT 4
- Proposal: Move most documentation to PhpDoc blocks HOT 14
- Discuss finally releasing 2.0 HOT 2
- Increase Test Coverage
- [2.0] Readme is out of date
- `strict-origin-when-cross-origin` doesn't seem to be supported by Chrome HOT 4
- allow method chaining HOT 13
- Report missing CSP directives
- `'strict-dynamic'` isn't injected into CSP Report-Only
- More intuitive config
- Throw exceptions instead of user warnings/errors HOT 6
- Auto protected session cookie HOT 5
- Conditional Intent to Deprecate and Remove: Public Key Pinning
- Increase test coverage
- Add hashes and nonces as friendly directive HOT 2
- Option to manually disable warnings HOT 4
- Don't warn for 'unsafe-inline' if hash or nonce present in applicable directive
- Rethink cookie upgrades HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secureheaders.