Niki wrote: > Hi all, > > I'm using PHP 5.2.9 on a Windows dedicated server. Could you kindly > confirm me that I have to update to PHP 5.2.9-1 > (http://www.php.net/archive/2009.php#id2009-03-10-1) only if I have > "curl" extension enabled (extension=php_curl.dll in php.ini) ? Well nobody forces you to upgrade. But it would be wise. Now the bug in curl is still fresh in your mind. But if you forget and decide to enable it later. Big chance you vulnerable to some sort of attack. > > If I run a phpinfo() on my webserver, no "curl" section is shown (no > extension=php_curl.dll in php.ini). So, is my configuration (Windows > 2003 Server - PHP 5.2.9) safe? The bug only affects libcurl. So i guess when curl is disabled it's safe... > > Thank you. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php