php-gettext 1.0.12
Security fix for potential code injection bug (#1515334).
Do not assume mbstring functions are always there, pass text through if they aren't (#734494).
Milestone information
- Project:
- php-gettext
- Series:
- trunk
- Version:
- 1.0.12
- Released:
- Registrant:
- Данило Шеган
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
This release includes a fix for potential security issue allowing code injection into the ngettext family of calls: evaluating the plural form formula can execute arbitrary code if number is passed unsanitized from the untrusted user. php-gettext will now throw an exception if the value being passed in is not a number, thus supporting good programming practices: always validate user input at the point of "entry".
Long-committed but never released fix for bug 734494 is also included.
Changelog
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.