Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! http://git.dustri.org/snuffleupagus/atom?h=master 2026-01-05T20:43:10Z 2026-01-05T20:43:10Z jvoisin 2025-12-30T23:45:46Z urn:sha1:9278dc77bab2a219e770a1b31dd6797bc9070e37 When `upload_validation` is enabled, and when VLD isn't installed, an attacker sending a multipart POST is able to get arbitrary PHP content executed. Reported-By: thomas-chauchefoin-tob 2018-02-22T15:35:39Z jvoisin 2018-02-22T15:35:39Z urn:sha1:884bbbdf5f0916a840bb9fc8f40c14163d58fad8 PHP is breaking too many things on nightly, we'll only support releases from now on. This should also make our vld-based file-upload checker more resilient: no more random warnings on stderr. 2018-02-12T12:55:33Z jvoisin 2018-02-12T12:55:33Z urn:sha1:696ebc4ae68f4c7c2b803c917de365b98621b3a8 The Python script is using vld (https://derickrethans.nl/projects.html#vld) to check for malicious opcodes.