Last Month in PHP
September 2016
Kansas City PHP User Group

PHP Patch Releases
PHP 7.0.11 - Upgrade!
● Security fixes
● php.net/ChangeLog-7.php#7.0.11
PHP 5.6.26 - Upgrade!
● Security fixes
● php.net/ChangeLog-5.php#5.6.26

Security Bulletin...
ImageMagick
● Remote Code Execution
● Mitigation recommendation:
  ○ Sandbox ImageMagick
    ■ If you find a good way to do this, it might make a good KCPUG talk!
  ○ Update your policy.xml file.
    ■ imagetragick.com

Upcoming Features via PHP RFC
Argon2i Password Hash
● Target: PHP 7.2
● tl;dr: Introduces Argon2i password hashing algorithm, PASSWORD_ARGON2I, which has 3 cost factors, to password_* functions
● Note: PASSWORD_DEFAULT will still be an alias for PASSWORD_BCRYPT for now.
● See: wiki.php.net/rfc/argon2_password_hash
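
Added example (not from the slides or the RFC text): because PASSWORD_DEFAULT stays bcrypt, an application has to opt in to PASSWORD_ARGON2I explicitly, and existing bcrypt hashes can be upgraded at login with password_needs_rehash. It assumes PHP 7.2+ built with Argon2 support; verifyAndUpgrade is a hypothetical helper and the cost values are illustrative.

```php
<?php
declare(strict_types=1);

// Assumption: PHP 7.2+ built with Argon2 support; otherwise the constant is undefined.
if (!defined('PASSWORD_ARGON2I')) {
    fwrite(STDERR, "This PHP build has no Argon2 support\n");
    exit(1);
}

// The three Argon2i cost factors. Illustrative values, not a recommendation:
// benchmark on the production hardware before settling on them.
const ARGON2I_OPTIONS = [
    'memory_cost' => 65536, // KiB of memory used per hash (64 MiB)
    'time_cost'   => 4,     // number of passes over that memory
    'threads'     => 1,     // degree of parallelism
];

/**
 * Hypothetical login helper (not from the RFC). Verifies the password and, when
 * the stored hash is not Argon2i with the current cost factors, returns a
 * replacement hash for the caller to persist.
 * @return array [bool $verified, ?string $newHashToStore]
 */
function verifyAndUpgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    if (password_needs_rehash($storedHash, PASSWORD_ARGON2I, ARGON2I_OPTIONS)) {
        return [true, password_hash($password, PASSWORD_ARGON2I, ARGON2I_OPTIONS)];
    }
    return [true, null];
}

// Constructed sample: a legacy account whose hash was created with bcrypt.
$password = 'correct horse battery staple';
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
echo 'before: ', password_get_info($stored)['algoName'], "\n";

// First login after deployment: the bcrypt hash verifies, then gets replaced.
[$ok, $newHash] = verifyAndUpgrade($password, $stored);
$stored = $newHash ?? $stored;
echo 'after:  ', password_get_info($stored)['algoName'], "\n";

// Later logins: nothing to rehash; a wrong password is rejected outright.
[, $again] = verifyAndUpgrade($password, $stored);
[$bad]     = verifyAndUpgrade('wrong password', $stored);
var_dump($ok, $again === null, $bad);
```

Rehashing is only possible at login, since that is the one moment the plaintext password is available to the application.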

CMSes: Drupal
Drupal 8.1.[9,10]
● Drupal 8: Security & Patch Releases - Upgrade!
  ○ Users without "Administer comments" can set comment visibility on nodes they can edit: CVE-2016-7570
  ○ Cross-site Scripting in http exceptions: CVE-2016-7571
  ○ Full config export can be downloaded without administrative permissions: CVE-2016-7572
  ○ drupal.org/SA-CORE-2016-004

CMSes: WordPress
WordPress 4.6.1 - “Pepper”
● Security Release - Upgrade!
  ○ XSS via image filename
  ○ Path traversal vulnerability in image uploader
● wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release

Frameworks - CakePHP
CakePHP 3.3.[4,5], 2.9.0, & 2.8.[7,9]
● 3.3.x - bugfixes
  ○ bakery.cakephp.org/2016/09/24/cakephp_334_released.html
  ○ bakery.cakephp.org/2016/09/29/cakephp_335_released.html
● 2.9.0 - Feature release
  ○ Backwards-compatible feature release with 2.8.x
  ○ bakery.cakephp.org/2016/09/18/cakephp_290_289_released.html
● 2.8.x - bugfixes:
  ○ The last bugfix release of 2.8
  ○ bakery.cakephp.org/2016/09/09/cakephp_287_released.html
  ○ bakery.cakephp.org/2016/09/18/cakephp_290_289_released.html

Frameworks - Laravel
Laravel 5.3.[6,7,8,9,10,11,(12,13,14,15)]
● Laravel 5.3
  ○ A lot of queue work
  ○ Final release of the month reverted the prior 3’s DaemonCommand updates
  ○ github.com/laravel/framework/blob/5.3/CHANGELOG-5.3.md
● Vue 2.0 Released
  ○ Laravel 5.3 uses Vue on the front-end
  ○ medium.com/the-vue-point/vue-2-0-is-here-ef1f26acf4b8

Frameworks - Symfony
Symfony 3.1.4, 2.8.[10,11], 2.7.[17, 18]
● Maintenance Releases
  ○ symfony.com/blog/symfony-2-7-17-released
  ○ symfony.com/blog/symfony-2-7-18-released
  ○ symfony.com/blog/symfony-2-8-10-released
  ○ symfony.com/blog/symfony-2-8-11-released
  ○ symfony.com/blog/symfony-3-1-4-released
● SymfonyLive Chicago - Moved to php[world] :)
  ○ world.phparch.com/symfonylive-at-phpworld

Frameworks - Zend
ZF 1.12.20
● Security patch - Upgrade!
  ○ framework.zend.com/blog/2016-09-08-ZF-1.12.20-Released.html
● ZF1 End Of Life was 28 September
  ○ framework.zend.com/blog/2016-06-28-zf1-eol.html

PHP: The Right Way
● Code Style Guide
  ○ Under FIG heading, changed wording and added Laravel as a project
● Current Stable Version
  ○ Added EOL to PHP 5.6
● Mac Setup
  ○ Updated currently installed version of PHP with Sierra
● Namespaces
  ○ Simplified wording
● Date and Time
  ○ Added info about Carbon
● Note: Every open-source project can use your help with documentation. What are you waiting for?

Hacktoberfest 2016
Submit Pull Requests to Open Source Projects this month
● Help out the dev community!
● Submit 4 PRs and earn a t-shirt
● Must sign up first
● Cosponsored by Digital Ocean and GitHub
● Hacktoberfest.digitalocean.com
  ○ Check your status via 3rd-party: hacktoberfestchecker.herokuapp.com

PHP Conferences
Bulgaria PHP 2016
● Oct 7-9 - Sofia, Bulgaria
● bgphp.org
True North PHP
● Nov 3-5 - Toronto, Canada
● truenorthphp.ca
PHP[WORLD] 2016
● Nov 14-18 - Washington, D.C.
● 10% KCPUG Discount: REDACTED
● world.phparch.com/
ZendCon
● Nov 18-21 - Las Vegas, NV
● zendcon.com

PHP Conferences - Continued
SunshinePHP 2017
● Feb 2-4 - Miami, FL
● 2017.sunshinephp.com
PHP UK 2017
● Feb 16-17 - London, UK
● phpconference.co.uk
● Call For Papers due Oct 17
  ○ phpconference.co.uk/speakers
Confoo.CA 2017
● Mar 8-10 - Montreal, CAN
● confoo.ca/en/yul2017
Lonestar PHP 2017
● Apr 20-22 - Dallas, TX
● lonestarphp.com

Nomad PHP (Online) - October 13
Nomad PHP EU - 01:00 PM CDT
“New” is Not Your Enemy!
● Stephan Hochdörfer (@shochdoerfer)
● nomadphp.com/new-not-enemy
Nomad PHP US - 08:00 PM CDT
How the 3rd Normal Form Destroyed a Family
● Chuck Reeves (@manchuck)
● nomadphp.com/3rd-normal-form-destroyed-family

Next Month in KCPHPUG
● Eric Poe: “Iterating Strings -- Iterating Things”