[LINK] PHP security issue with OPCache leaking sensitive data Fixed


#1

Found this, thought it might be a interesting read.

PHP’s long standing security issue with OPCache leaking sensitive data Fixed - PHP Magazine

One interesting part regarding PHP 7.1 that Trellis uses.

Afftect Versions:
PHP7 < 7.0.14 and PHP5 < 5.6.29. Later versions are still vulnerable by default unless opcache.validate_permission=1 is enabled.

Still reading a relevant discussion on bugs.php.net setting opcache.validade_permission=1 is stil up to debate…


#2

If there’s a conclusion on that, you could do a PR on Trellis :slight_smile: