PHP 7.4 to be Available

A large number of features and improvements are included in the newest update
02 December 2019

After a year of development, PHP 7.4 has been released. The new branch includes a series of new features, as well as several changes that break backward compatibility.

Key improvements in PHP 7.4:

  • Typed Properties
  • Arrow Functions
  • Limited Return Type Covariance and Argument Type Contravariance
  • Unpacking Inside Arrays
  • Numeric Literal Separator
  • Weak References
  • Allow Exceptions from __toString()
  • Opcache Preloading
  • Several Deprecations
  • Extensions Removed from the Core

The functions get_magic_quotes_gpc(), get_magic_quotes_runtime(), hebrevc(), convert_cyr_string(), money_format(), ezmlm_hash(), restore_include_path(), and ldap_control_paged_result_response() are deprecated.

A deprecation warning is now issued when invalid characters are passed to the base_convert(), bindec(), octdec(), and hexdec() functions, as well as when a non-string pattern is passed to mb_ereg_replace().

Get more information at the official website.

WordPress Has Many Vulnerabilities - RiskSense

According to the latest study on vulnerabilities in web frameworks and platforms, WordPress and Apache Struts account for 57% of all vulnerabilities with exploits
19 March 2020

RiskSense published the results of an analysis of 1622 vulnerabilities in web frameworks and platforms, identified from 2010 to November 2019. Some conclusions:

  • WordPress and Apache Struts account for 57% of all vulnerabilities for which exploits have been prepared. Next are Drupal, Ruby on Rails and Laravel. The list of platforms with exploitable vulnerabilities also includes Node.js and Django, but each has only one vulnerability with an exploit, out of 56 and 66 known vulnerabilities respectively. The most common vulnerability class in WordPress is cross-site scripting; in Apache Struts it is problems with input validation.
  • PHP and Java projects lead in the number of vulnerabilities with existing exploits.
  • In 2019, the total number of vulnerabilities decreased, but the share of vulnerabilities with exploits increased from 3.9% to 8.6%, mainly due to the increase in the number of exploits for Ruby on Rails, WordPress, and Java.
  • Cross-site scripting (XSS) is the most common vulnerability in the 10-year sample. Vulnerabilities caused by incorrect input validation (24% of all vulnerabilities with exploits) lead in the 5-year sample, where XSS fell to 5th place.
  • Vulnerabilities that allow SQL, code, and command injection are relatively rare, but they lead in exploit availability: exploits were prepared for more than 50% of such vulnerabilities (60% for command injection and 39% for code injection).

Read more in the official press release.