Last Month in PHP September 2016 Kansas City PHP User Group


Page 1: Last Month in PHP - September 2016

Last Month in PHP

September 2016

Kansas City PHP User Group


PHP Patch Releases

PHP 7.0.11 - Upgrade!

● Security fixes
● php.net/ChangeLog-7.php#7.0.11

PHP 5.6.26 - Upgrade!

● Security fixes
● php.net/ChangeLog-5.php#5.6.26


Security Bulletin...

ImageMagick

● Remote Code Execution
● Mitigation recommendation:
  ○ Sandbox ImageMagick
    ■ If you find a good way to do this, it might make a good KCPUG talk!
  ○ Update your policy.xml file.
    ■ imagetragick.com


Upcoming Features via PHP RFC

Argon2i Password Hash

● Target: PHP 7.2
● tl;dr: Introduces Argon2i password hashing algorithm, PASSWORD_ARGON2I, which has 3 cost factors, to password_* functions
● Note: PASSWORD_DEFAULT will still be an alias for PASSWORD_BCRYPT for now.
● See: wiki.php.net/rfc/argon2_password_hash
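
An added example (not from the slides or the RFC): moving existing bcrypt hashes to Argon2i at login through the password_* functions, with the three cost factors set explicitly. The function name verify_and_upgrade and the cost values are assumptions; it needs PHP 7.2+ built with Argon2 support.

```php
<?php
declare(strict_types=1);

// Added example: requires PHP >= 7.2 built with Argon2 support.
if (!defined('PASSWORD_ARGON2I')) {
    fwrite(STDERR, "This PHP build has no Argon2i support\n");
    exit(1);
}

// The three cost factors. Values are illustrative; tune them on your own hardware.
const ARGON2I_OPTIONS = [
    'memory_cost' => 65536, // KiB of memory per hash (64 MiB)
    'time_cost'   => 4,     // number of passes over that memory
    'threads'     => 1,     // degree of parallelism
];

/**
 * Verify a login and report whether the stored hash should be replaced.
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null only when the
 * password was correct and the stored hash is not Argon2i at the current costs.
 * (Hypothetical helper, not part of PHP.)
 */
function verify_and_upgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // The encoded hash records its algorithm and costs, so this catches both
    // legacy bcrypt hashes and Argon2i hashes made with weaker settings.
    if (password_needs_rehash($storedHash, PASSWORD_ARGON2I, ARGON2I_OPTIONS)) {
        return [true, password_hash($password, PASSWORD_ARGON2I, ARGON2I_OPTIONS)];
    }
    return [true, null];
}

// Constructed sample: an account whose hash was created with bcrypt.
$legacy = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);

// First login after the switch: verified against bcrypt, re-hashed as Argon2i.
[$ok, $upgraded] = verify_and_upgrade('correct horse battery staple', $legacy);
var_dump($ok, password_get_info($upgraded));

// Next login: the stored hash already matches the target, nothing to replace.
var_dump(verify_and_upgrade('correct horse battery staple', $upgraded));

// Wrong password: rejected, and no new hash is ever produced.
var_dump(verify_and_upgrade('wrong guess', $upgraded));
```

Store the returned hash in place of the old one only when the first element is true and the second is non-null.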


CMSes: Drupal

Drupal 8.1.[9,10]

● Drupal 8: Security & Patch Releases - Upgrade!
  ○ Users without "Administer comments" can set comment visibility on nodes they can edit: CVE-2016-7570
  ○ Cross-site Scripting in http exceptions: CVE-2016-7571
  ○ Full config export can be downloaded without administrative permissions: CVE-2016-7572
  ○ drupal.org/SA-CORE-2016-004


CMSes: WordPress

WordPress 4.6.1 - “Pepper”

● Security Release - Upgrade!
  ○ XSS via image filename
  ○ Path traversal vulnerability in image uploader
● wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release


Frameworks - CakePHP

CakePHP 3.3.[4,5], 2.9.0, & 2.8.[7,9]

● 3.3.x - bugfixes
  ○ bakery.cakephp.org/2016/09/24/cakephp_334_released.html
  ○ bakery.cakephp.org/2016/09/29/cakephp_335_released.html
● 2.9.0 - Feature release
  ○ Backwards-compatible feature release with 2.8.x
  ○ bakery.cakephp.org/2016/09/18/cakephp_290_289_released.html
● 2.8.x - bugfixes:
  ○ The last bugfix release of 2.8
  ○ bakery.cakephp.org/2016/09/09/cakephp_287_released.html
  ○ bakery.cakephp.org/2016/09/18/cakephp_290_289_released.html


Frameworks - Laravel

Laravel 5.3.[6,7,8,9,10,11,(12,13,14,15)]

● Laravel 5.3
  ○ A lot of queue work
  ○ Final release of the month reverted the prior 3’s DaemonCommand updates
  ○ github.com/laravel/framework/blob/5.3/CHANGELOG-5.3.md
● Vue 2.0 Released
  ○ Laravel 5.3 uses Vue on the front-end
  ○ medium.com/the-vue-point/vue-2-0-is-here-ef1f26acf4b8


Frameworks - Symfony

Symfony 3.1.4, 2.8.[10,11], 2.7.[17, 18]

● Maintenance Releases
  ○ symfony.com/blog/symfony-2-7-17-released
  ○ symfony.com/blog/symfony-2-7-18-released
  ○ symfony.com/blog/symfony-2-8-10-released
  ○ symfony.com/blog/symfony-2-8-11-released
  ○ symfony.com/blog/symfony-3-1-4-released
● SymfonyLive Chicago - Moved to php[world] :)
  ○ world.phparch.com/symfonylive-at-phpworld


Frameworks - Zend

ZF 1.12.20

● Security patch - Upgrade!
  ○ framework.zend.com/blog/2016-09-08-ZF-1.12.20-Released.html
● ZF1 End Of Life was 28 September
  ○ framework.zend.com/blog/2016-06-28-zf1-eol.html


PHP: The Right Way

● Code Style Guide
  ○ Under FIG heading, changed wording and added Laravel as a project
● Current Stable Version
  ○ Added EOL to PHP 5.6
● Mac Setup
  ○ Updated currently installed version of PHP with Sierra
● Namespaces
  ○ Simplified wording
● Date and Time
  ○ Added info about Carbon
● Note: Every open-source project can use your help with documentation. What are you waiting for?


Hacktoberfest 2016

Submit Pull Requests to Open Source Projects this month

● Help out the dev community!
● Submit 4 PRs and earn a t-shirt
● Must sign up first
● Cosponsored by DigitalOcean and GitHub
● Hacktoberfest.digitalocean.com
  ○ Check your status via 3rd-party: hacktoberfestchecker.herokuapp.com


PHP Conferences

Bulgaria PHP 2016

● Oct 7-9 - Sofia, Bulgaria
● bgphp.org

True North PHP

● Nov 3-5 - Toronto, Canada
● truenorthphp.ca

PHP[WORLD] 2016

● Nov 14-18 - Washington, D.C.
● 10% KCPUG Discount: REDACTED
● world.phparch.com/

ZendCon

● Nov 18-21 - Las Vegas, NV
● zendcon.com


PHP Conferences - Continued

SunshinePHP 2017

● Feb 2-4 - Miami, FL
● 2017.sunshinephp.com

PHP UK 2017

● Feb 16-17 - London, UK
● phpconference.co.uk
● Call For Papers due Oct 17
  ○ phpconference.co.uk/speakers

Confoo.CA 2017

● Mar 8-10 - Montreal, CAN
● confoo.ca/en/yul2017

Lonestar PHP 2017

● Apr 20-22 - Dallas, TX
● lonestarphp.com


Nomad PHP (Online) - October 13

Nomad PHP EU - 01:00 PM CDT

“New” is Not Your Enemy!

● Stephan Hochdörfer (@shochdoerfer)
● nomadphp.com/new-not-enemy

Nomad PHP US - 08:00 PM CDT

How the 3rd Normal Form Destroyed a Family

● Chuck Reeves (@manchuck)
● nomadphp.com/3rd-normal-form-destroyed-family


Next Month in KCPHPUG

● Eric Poe: “Iterating Strings -- Iterating Things”