New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Two Vulnerabilities in One Line #5

Closed
paragonie-scott opened this Issue Jun 9, 2015 · 3 comments

Comments

Projects
None yet
3 participants
@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Dec 6, 2015

Is there any interest in fixing this?

paragonie-scott commented Dec 6, 2015

Is there any interest in fixing this?

@rnapier

This comment has been minimized.

Show comment
Hide comment
@rnapier

rnapier Dec 6, 2015

Member

My PHP background is weak, and I haven't heard from @curtisdf in a while. I've asked a colleague of mine with much more PHP experience to take a look. I'd also be happy to look at a pull request.

Thanks for the issue.

Member

rnapier commented Dec 6, 2015

My PHP background is weak, and I haven't heard from @curtisdf in a while. I've asked a colleague of mine with much more PHP experience to take a look. I'd also be happy to look at a pull request.

Thanks for the issue.

@curtisdf

This comment has been minimized.

Show comment
Hide comment
@curtisdf

curtisdf Dec 6, 2015

Contributor

Hi @rnapier. Sorry for being AWOL. I wasn't receiving any emails about RNCryptor so it was out of sight out of mind.

I have migrated the project to use hash_equals() along with the polyfill library. I also took the opportunity to fix up our TravisCI configs. Since PHP 5.4 is at EOL, I have moved the minimum supported PHP version to 5.5. I also added support for testing in PHP7.

We are now at version 3.1.0. Thanks @paragonie-scott for the feedback.

Contributor

curtisdf commented Dec 6, 2015

Hi @rnapier. Sorry for being AWOL. I wasn't receiving any emails about RNCryptor so it was out of sight out of mind.

I have migrated the project to use hash_equals() along with the polyfill library. I also took the opportunity to fix up our TravisCI configs. Since PHP 5.4 is at EOL, I have moved the minimum supported PHP version to 5.5. I also added support for testing in PHP7.

We are now at version 3.1.0. Thanks @paragonie-scott for the feedback.

@curtisdf curtisdf closed this Dec 6, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment