From 72a66c19c3761a3abed326266571052b4a8fd755 Mon Sep 17 00:00:00 2001
From: cjbj
Making a bad week worse, we had a bug in our bug system that toggled the - private flag of a bug report to public on a comment to the bug report - causing this issue to go public before we had time to test solutions to - the level we would like.
+To fix this update to PHP 5.3.12 or PHP 5.4.2.
-To fix this update to PHP 5.3.12 or PHP 5.4.2. We recognize that since - this is a rather outdated way to run PHP it may not be feasible to +
We recognize that since CGI is a rather outdated way to run PHP it may not be feasible to upgrade these sites to a modern version of PHP, so an alternative is to configure your web server to not let these types of requests with query strings starting with a "-" and not containing a "=" through. Adding a @@ -57,10 +53,17 @@
If you are writing your own rule, be sure to take the urlencoded ?%2ds version into account.
+Making a bad week worse, we had a bug in our bug system that toggled the + private flag of a bug report to public on a comment to the bug report + causing this issue to go public before we had time to test solutions to + the level we would like. Please report any issues via bugs.php.net.
+For source downloads of PHP 5.3.12 and PHP 5.4.2 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. A ChangeLog exists.
+ +