granicus.if.org Git - php/commitdiff
add news about session fix
author: Stanislav Malyshev <stas@php.net>
Mon, 5 Aug 2013 03:04:42 +0000 (20:04 -0700)
committer: Stanislav Malyshev <stas@php.net>
Mon, 5 Aug 2013 03:06:48 +0000 (20:06 -0700)
NEWS
UPGRADING

diff --git a/NEWS b/NEWS
index 82d4ca1572907dec1d846a201f15b26d5332c93a..c01b43ed7bcda9d3c846df439cf32ead01c098d6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? ??? 2013, PHP 5.5.3
+
+- Sessions:
+  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
+    which protects against session fixation attacks and session collisions.    
+    (Yasuo Ohgaki)
+
 ?? ??? 2013, PHP 5.5.2
 
 - Core:
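Review bot: The added "- Sessions:" entry under PHP 5.5.3 does not name the session.use_strict_mode directive that the UPGRADING entry in this same commit ties the protection to, so someone reading only NEWS cannot tell which setting is involved. Suggest wording such as ". Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions), adding session.use_strict_mode, which protects against session fixation attacks and session collisions." The line ending in "session collisions." also carries trailing spaces that should be dropped.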
index 14e19aa58359a201082bdfee026cb3bcac7148dc..4985665a0f5927f3f3b75ca1e8b425bddffb1f79 100755 (executable)
--- a/UPGRADING
+++ b/UPGRADING
@@ -412,6 +412,11 @@ None
     ext/mysqli to be used with the new auth protocol, although at
     coarser level.
 
+- Sessions:
+  - Added session.use_strict_mode in 5.5.3, which prevents session
+    fixation attacks and session collisions. 
+    See also https://wiki.php.net/rfc/strict_sessions
+
 - Zend OPcache (See http://php.net/manual/en/book.opcache.php)
   - Added the following directives:
     - opcache.enable (default "1")
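Review bot: The added session.use_strict_mode entry gives no default value, while the opcache directives listed directly below it do (for example `opcache.enable (default "1")`). State the default in the same form and add one sentence on what the directive changes when it is enabled, so that someone upgrading can tell whether they must set it to get the protection. "prevents" is also stronger than the "protects against" used in the NEWS entry; use one wording in both files. The line ending in "session collisions. " has a trailing space.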