i find it boring. because it's very obvious whoever added php://filter was clearly just adding exploit paths (java flavored ones no less). there's zero valid use for that thing.
Yes. Just like the Log4j issue root cause. Too powerful and abstract features to wield securely.
Or maybe if we keep intent out of it; features were added in a time when we all worried less about security and internet implications.
I would like to say ‘in the security dark ages’ but we are probably still in that era. ;)
