starred/monolog
1
0
Fork 0
mirror of https://github.com/Seldaek/monolog.git synced 2026-04-26 08:05:53 +03:00
Code Issues 31 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #2017] Malware scanner flagging shell_exec calls #864

New issue
Closed
opened 2026-03-04 03:01:42 +03:00 by kerem · 2 comments
kerem commented 2026-03-04 03:01:42 +03:00
Owner
Copy link

Originally created by @mark-c-woodard on GitHub (Jan 9, 2026).
Original GitHub issue: https://github.com/Seldaek/monolog/issues/2017

Monolog version 2.11.0

Hello,
I saw that you added some shell_exec commands as part of the 2.11.0 release, this commit specifically github.com/Seldaek/monolog@e01926b069

I didn't see the commit related to any particular issue so I wanted to ask if those calls were necessary and potentially ask if you could replace them.
I got a bug report from one of my users saying that the calls are being flagged by a malware scanner.

https://wordpress.org/support/topic/version-3-5-30-has-calls-to-shell_exec/

Thank you,
Mark

Originally created by @mark-c-woodard on GitHub (Jan 9, 2026). Original GitHub issue: https://github.com/Seldaek/monolog/issues/2017 Monolog version 2.11.0 Hello, I saw that you added some shell_exec commands as part of the 2.11.0 release, this commit specifically https://github.com/Seldaek/monolog/commit/e01926b069b331b13708b1c1b3669d871ea93e6b I didn't see the commit related to any particular issue so I wanted to ask if those calls were necessary and potentially ask if you could replace them. I got a bug report from one of my users saying that the calls are being flagged by a malware scanner. https://wordpress.org/support/topic/version-3-5-30-has-calls-to-shell_exec/ Thank you, Mark
kerem 2026-03-04 03:01:42 +03:00
  • closed this issue
  • added the
    Bug
         label
kerem commented 2026-03-04 03:01:44 +03:00
Author
Owner
Copy link

@stof commented on GitHub (Jan 9, 2026):

The backtick notation in PHP was already doing shell exec (with a notation that is now deprecated in PHP).

If the malware scanner tools rejects one of them but not the other one, it is a bad tool anyway.

<!-- gh-comment-id:3730404797 --> @stof commented on GitHub (Jan 9, 2026): The backtick notation in PHP was **already** doing shell exec (with a notation that is now deprecated in PHP). If the malware scanner tools rejects one of them but not the other one, it is a bad tool anyway.
kerem commented 2026-03-04 03:01:44 +03:00
Author
Owner
Copy link

@mark-c-woodard commented on GitHub (Jan 9, 2026):

aha, thanks for the explanation. I should have realized that myself.

<!-- gh-comment-id:3730441513 --> @mark-c-woodard commented on GitHub (Jan 9, 2026): aha, thanks for the explanation. I should have realized that myself.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
esfix
2.x
1.x
3.10.0
2.11.0
3.9.0
3.8.1
3.8.0
2.10.0
3.7.0
3.6.0
2.9.3
3.5.0
2.9.2
3.4.0
3.3.1
2.9.1
3.3.0
2.9.0
3.2.0
2.8.0
3.1.0
2.7.0
1.27.1
3.0.0
2.6.0
3.0.0-RC1
2.5.0
2.4.0
1.27.0
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
1.26.1
2.2.0
1.26.0
2.1.1
1.25.5
2.1.0
1.25.4
2.0.2
1.25.3
2.0.1
1.25.2
1.25.1
1.25.0
2.0.0
2.0.0-beta2
2.0.0-beta1
1.24.0
1.23.0
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.2
1.18.1
1.18.0
1.17.2
1.17.1
1.17.0
1.16.0
1.15.0
1.14.0
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.0
1.5.0
1.4.1
1.4.0
1.3.1
1.3.0
1.2.1
1.2.0
1.1.0
1.0.2
1.0.1
1.0.0
1.0.0-RC1
Labels
Clear labels   
Bug

   
Documentation

   
Feature

   
Needs Work

   
Support

   
pull-request

Mirrored from GitHub Pull Request

No labels
Bug
Documentation
Feature
Needs Work
Support
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/monolog#864
No description provided.