3. Security Bulletin...
ImageMagick
● Remote Code Execution
● Mitigation recommendation:
○ Sandbox ImageMagick
■ If you find a good way to do this, it might make a good KCPUG talk!
○ Update your policy.xml file.
■ imagetragick.com
4. Upcoming Features via PHP RFC
Argon2i Password Hash
● Target: PHP 7.2
● tl;dr: Introduces the Argon2i password hashing algorithm, PASSWORD_ARGON2I, which has 3 cost factors, to the password_* functions
● Note: PASSWORD_DEFAULT will still be an alias for PASSWORD_BCRYPT for now.
● See: wiki.php.net/rfc/argon2_password_hash
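As an added example (not from the slides or the RFC text), this shows the proposed Argon2i algorithm used through the existing password_* API, with the three cost factors the RFC adds, and an opportunistic rehash of legacy bcrypt hashes at login time. It assumes the option names memory_cost, time_cost and threads as implemented in PHP 7.2, and the cost values are illustrative placeholders to be tuned per deployment.

```php
<?php
// Added example: Argon2i via password_* in PHP 7.2 (requires a build with
// Argon2 support). Not code from the slides or from the RFC itself.
declare(strict_types=1);

// The three Argon2i cost factors. These values are placeholders; raise
// memory_cost/time_cost until one hash takes roughly 100 ms on your hardware.
const ARGON2_OPTIONS = [
    'memory_cost' => 1 << 16, // KiB of memory per hash (64 MiB here)
    'time_cost'   => 4,       // number of passes over that memory
    'threads'     => 2,       // degree of parallelism
];

function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_ARGON2I, ARGON2_OPTIONS);
}

// Verify a stored hash. If it is still bcrypt (what PASSWORD_DEFAULT produces
// today) or was made with weaker Argon2i parameters than ARGON2_OPTIONS,
// return a fresh hash so the caller can persist it after a successful login.
function verifyAndUpgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    $needsRehash = password_needs_rehash($storedHash, PASSWORD_ARGON2I, ARGON2_OPTIONS);
    return [
        'ok'      => true,
        'newHash' => $needsRehash ? hashPassword($password) : null,
    ];
}

// Constructed demo: a user whose hash was created with bcrypt before the upgrade.
$legacyHash = password_hash('correct horse battery staple', PASSWORD_BCRYPT);
$result     = verifyAndUpgrade('correct horse battery staple', $legacyHash);

var_dump($result['ok']);
var_dump(password_get_info((string) $result['newHash'])['algoName']);
```

On the next login with the stored Argon2i hash, verifyAndUpgrade returns newHash as null, so only out-of-date hashes are rewritten.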
5. CMSes: Drupal
Drupal 8.1.[9,10]
● Drupal 8: Security & Patch Releases - Upgrade!
○ Users without "Administer comments" can set comment visibility on nodes
they can edit: CVE-2016-7570
○ Cross-site Scripting in http exceptions: CVE-2016-7571
○ Full config export can be downloaded without administrative permissions: CVE-2016-7572
○ drupal.org/SA-CORE-2016-004
6. CMSes: WordPress
WordPress 4.6.1 - “Pepper”
● Security Release - Upgrade!
○ XSS via image filename
○ Path traversal vulnerability in image uploader
● wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release
8. Frameworks - Laravel
Laravel 5.3.[6,7,8,9,10,11,(12,13,14,15)]
● Laravel 5.3
○ A lot of queue work
○ Final release of the month reverted the prior 3’s DaemonCommand updates
○ github.com/laravel/framework/blob/5.3/CHANGELOG-5.3.md
● Vue 2.0 Released
○ Laravel 5.3 uses Vue on the front-end
○ medium.com/the-vue-point/vue-2-0-is-here-ef1f26acf4b8
10. Frameworks - Zend
ZF 1.12.20
● Security patch - Upgrade!
○ framework.zend.com/blog/2016-09-08-ZF-1.12.20-Released.html
● ZF1 End Of Life was 28 September
○ framework.zend.com/blog/2016-06-28-zf1-eol.html
11. PHP: The Right Way
● Code Style Guide
○ Under FIG heading, changed wording and added Laravel as a project
● Current Stable Version
○ Added EOL to PHP 5.6
● Mac Setup
○ Updated currently installed version of PHP with Sierra
● Namespaces
○ Simplified wording
● Date and Time
○ Added info about Carbon
● Note: Every open-source project can use your help with documentation. What are you waiting for?
12. Hacktoberfest 2016
Submit Pull Requests to Open Source Projects this month
● Help out the dev community!
● Submit 4 PRs and earn a t-shirt
● Must sign up first
● Cosponsored by DigitalOcean and GitHub
● Hacktoberfest.digitalocean.com
○ Check your status via 3rd-party: hacktoberfestchecker.herokuapp.com
13. PHP Conferences
Bulgaria PHP 2016
● Oct 7-9 - Sofia, Bulgaria
● bgphp.org
True North PHP
● Nov 3-5 - Toronto, Canada
● truenorthphp.ca
PHP[WORLD] 2016
● Nov 14-18 - Washington, D.C.
● 10% KCPUG Discount: REDACTED
● world.phparch.com/
ZendCon
● Nov 18-21 - Las Vegas, NV
● zendcon.com
14. PHP Conferences - Continued
SunshinePHP 2017
● Feb 2-4 - Miami, FL
● 2017.sunshinephp.com
PHP UK 2017
● Feb 16-17 - London, UK
● phpconference.co.uk
● Call For Papers due Oct 17
○ phpconference.co.uk/speakers
Confoo.CA 2017
● Mar 8-10 - Montreal, CAN
● confoo.ca/en/yul2017
Lonestar PHP 2017
● Apr 20-22 - Dallas, TX
● lonestarphp.com
15. Nomad PHP (Online) - October 13
Nomad PHP EU - 01:00 PM CDT
“New” is Not Your Enemy!
● Stephan Hochdörfer (@shochdoerfer)
● nomadphp.com/new-not-enemy
Nomad PHP US - 08:00 PM CDT
How the 3rd Normal Form Destroyed a Family
● Chuck Reeves (@manchuck)
● nomadphp.com/3rd-normal-form-destroyed-family
16. Next Month in KCPHPUG
● Eric Poe: “Iterating Strings -- Iterating Things”