
Bug #21171 PECL Arbitrary File Download Vulnerability
Submitted: 2017-01-26 03:10 UTC
From: hyp3rlinx Assigned:
Status: Open Package: PEAR (version 1.10.1)
PHP Version: 5.6.30 OS:
Roadmaps: (Not assigned)    


 [2017-01-26 03:10 UTC] hyp3rlinx (John Page)
Description:
------------
I sent the initial report Jan 11, 2017, and was informed to open a bug so users are aware, as nobody is available to "fix" or maintain this package.

Security issue:

pecl download <http://file>

1) PECL will follow redirects and download arbitrary files with completely different names from the initially requested target file (when files are sent in response from an attacker-controlled position).

2) PECL does not rename the file to the originally requested (safe) filename.

3) Whatever file is downloaded will overwrite what's on the user's system, so an attacker can overwrite files like ".htaccess" if the request is from the webroot etc.

4) PECL doesn't delete these invalid files on downloads.

Regards,
hyp3rlinx
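
The four points in the report map onto checks a download routine can enforce. The PHP below is an added example, not part of the report and not PEAR's code: it pins the saved name to the URL that was originally requested, rejects dotfiles, refuses to overwrite, and removes incomplete files. The function names, the example.test URLs and the file contents are constructed assumptions.

```php
<?php
// Added example; helper names are hypothetical, not PEAR's downloader code.

// Derive the local name from the URL the user typed, never from the final
// redirect target or a server-sent Content-Disposition header.
function safe_local_name($requestedUrl)
{
    $path = parse_url($requestedUrl, PHP_URL_PATH);
    $name = is_string($path) ? basename($path) : '';
    // Reject empty names, dotfiles such as ".htaccess", and odd characters.
    if ($name === '' || $name[0] === '.' || !preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        throw new RuntimeException("unsafe filename from: $requestedUrl");
    }
    return $name;
}

// Write the body under the pinned name. Mode 'x' fails when the file exists,
// so nothing is overwritten; an incomplete file is removed, not left behind.
function save_download($dir, $requestedUrl, $body)
{
    $target = rtrim($dir, '/') . '/' . safe_local_name($requestedUrl);
    $fh = @fopen($target, 'x');
    if ($fh === false) {
        throw new RuntimeException("refusing to overwrite: $target");
    }
    $written = fwrite($fh, $body);
    fclose($fh);
    if ($written !== strlen($body)) {
        unlink($target);
        throw new RuntimeException("incomplete write removed: $target");
    }
    return $target;
}

// Constructed demo in a scratch directory holding an existing .htaccess.
$dir = sys_get_temp_dir() . '/dl_demo_' . uniqid();
mkdir($dir);
file_put_contents("$dir/.htaccess", "Require all denied\n");

$saved = save_download($dir, 'http://example.test/get/pkg-1.0.tgz', 'constructed body');
echo 'saved as ', basename($saved), "\n";

foreach (array('http://example.test/get/pkg-1.0.tgz', 'http://example.test/.htaccess') as $url) {
    try {
        save_download($dir, $url, 'second body');
    } catch (RuntimeException $e) {
        echo 'blocked: ', $e->getMessage(), "\n";
    }
}
echo file_get_contents("$dir/.htaccess");
```

Because the writer only ever receives the originally requested URL, a name supplied by a redirect or response header has no path into the filesystem call.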

Comments