After upgrading php to version 5.6 with all related packages such as apache, I cannot log into my mail account anymore (I am running my own e-mail test server on a virtualbox)
I think I am honing in on the problem: I upgraded everything from mageia4 to mageia5 but not: roundcubemail php apache
and I do not have problem to login. After updating php (with all php related packages) and apache, I get the following error in journalctl httpd.service
Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '_url' (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php') Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php')
Has anybody else experienced this?
I'm running RC with PHP 5.6 on Windows using IIS and it performs great. So, there is no general compatibility issue.
Konrad
Am 15.01.2015 um 17:45 schrieb Thomas Spuhler:
After upgrading php to version 5.6 with all related packages such as apache, I cannot log into my mail account anymore (I am running my own e-mail test server on a virtualbox)
I think I am honing in on the problem: I upgraded everything from mageia4 to mageia5 but not: roundcubemail php apache
and I do not have problem to login. After updating php (with all php related packages) and apache, I get the following error in journalctl httpd.service
Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '_url' (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php') Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php')
Has anybody else experienced this?
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
On Thursday, January 15, 2015 08:25:33 PM Konrad wrote:
I'm running RC with PHP 5.6 on Windows using IIS and it performs great. So, there is no general compatibility issue.
Konrad
Am 15.01.2015 um 17:45 schrieb Thomas Spuhler:
After upgrading php to version 5.6 with all related packages such as apache, I cannot log into my mail account anymore (I am running my own e-mail test server on a virtualbox)
I think I am honing in on the problem: I upgraded everything from mageia4 to mageia5 but not: roundcubemail php apache
and I do not have problem to login. After updating php (with all php related packages) and apache, I get the following error in journalctl httpd.service
Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '_url' (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php') Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php')
Has anybody else experienced this?
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Is the php-5.6 on windows running with suhosin?
Hi Thomas
On 15.01.2015, at 21:08, Thomas Spuhler thomas.spuhler@btspuhler.com wrote:
On Thursday, January 15, 2015 08:25:33 PM Konrad wrote:
I'm running RC with PHP 5.6 on Windows using IIS and it performs great. So, there is no general compatibility issue.
Konrad
Am 15.01.2015 um 17:45 schrieb Thomas Spuhler:
After upgrading php to version 5.6 with all related packages such as apache, I cannot log into my mail account anymore (I am running my own e-mail test server on a virtualbox)
I think I am honing in on the problem: I upgraded everything from mageia4 to mageia5 but not: roundcubemail php apache
and I do not have problem to login. After updating php (with all php related packages) and apache, I get the following error in journalctl httpd.service
Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '_url' (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php') Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php')
Has anybody else experienced this?
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Is the php-5.6 on windows running with suhosin?
-- Best regards Thomas Spuhler
We're running Roundcube 1.0.4 on Debian Wheezy Apache 2.2.22, PHP 5.6.4, Suhosin v0.9.37.1 - without any issues! When we started with Roundcube (quite some years ago...) we had to disable suhosin.session.encrypt: suhosin.session.encrypt = Off This is probably still required in RC 1.0.x, but I'm unsure about it. We have never encountered any "ASCII-NUL chars not allowed" Suhosin ALERTs with Roundcube. Good luck!
No, we do not use suhosin...
Konrad
Am 15.01.2015 um 21:08 schrieb Thomas Spuhler:
On Thursday, January 15, 2015 08:25:33 PM Konrad wrote:
I'm running RC with PHP 5.6 on Windows using IIS and it performs great. So, there is no general compatibility issue.
Konrad
Am 15.01.2015 um 17:45 schrieb Thomas Spuhler:
After upgrading php to version 5.6 with all related packages such as apache, I cannot log into my mail account anymore (I am running my own e-mail test server on a virtualbox)
I think I am honing in on the problem: I upgraded everything from mageia4 to mageia5 but not: roundcubemail php apache
and I do not have problem to login. After updating php (with all php related packages) and apache, I get the following error in journalctl httpd.service
Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '_url' (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php') Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '127.0.0.1', file '/usr/share/roundcubemail/index.php')
Has anybody else experienced this?
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Is the php-5.6 on windows running with suhosin?
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
-
Konrad -
Philip Iezzi -
Thomas Spuhler