View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002008 | Xdebug | Step Debugging | public | 2021-08-18 09:04 | 2021-10-04 09:32 |
| Reporter | derick | Assigned To | derick | ||
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 3.1dev | ||||
| Target Version | 3.1dev | Fixed in Version | 3.1.0 | ||
| Summary | 0002008: Using the XDEBUG_SESSION cookie could bypass shared-secret checks | ||||
| Description | Xdebug 3.1 adds support for multi-value shared secrets. During the implementation of this, a check was inadvertently dropped to match the XDEBUG_SESSION cookie, as set through browser extensions to activate Xdebug's debugger, against this shared secret. This never made it into a release. | ||||
| Tags | No tags attached. | ||||
| Operating System | |||||
| PHP Version | 8.0.0-8.0.4 | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-08-18 09:04 | derick | New Issue | |
| 2021-08-18 09:48 | derick | Note Added: 0005984 | |
| 2021-08-18 12:23 | derick | Assigned To | => derick |
| 2021-08-18 12:23 | derick | Status | new => closed |
| 2021-08-18 12:23 | derick | Resolution | open => fixed |
| 2021-08-18 12:23 | derick | Fixed in Version | => 3.1dev |
| 2021-09-05 16:15 | derick | Fixed in Version | 3.1dev => 3.1.0beta1 |
| 2021-10-04 09:32 | derick | Fixed in Version | 3.1.0beta1 => 3.1.0 |
