PHP 5.3.1 Support

**tomdchi** · 11-23-2009 07:03 PM

Originally Posted by Spiral

PHP 5.3 makes major backwards incompatibility jumps and will break a lot of scripts until those scripts are re-written to be compatible with PHP 5.3 plus a number of other glitches and issues.

I very strongly do not recommend using PHP 5.3 at this time on production servers and I suspect Cpanel is holding back for the same reasons.

Presently, the newest and best PHP to go with is 5.2.11 and that is also already available to you via EasyApache.

If you have some psychotic self-abusive tendencies and really want to go with PHP 5.3 right now before script authors have had time to adapt or patches be released to fix the other problems, you can do so by manually compiling PHP which ironically is actually easier than using EasyApache as you are only compiling what you really need to update.

Your post assumes that all servers are hosting scripts that will break if 5.3.1 is used and that if CPanel allows the OPTION to compile 5.3.1 that everyone is going to just upgrade without making sure that it will not adversely affect their system. If a sysadmin does that and screws up then its their fault not cpanels. Our servers are not for public hosting and only host our code and this new verison of php would help us out a lot.

**webjawns.com** · 11-26-2009 11:44 AM

Originally Posted by tomdchi

Your post assumes that all servers are hosting scripts that will break if 5.3.1 is used and that if CPanel allows the OPTION to compile 5.3.1 that everyone is going to just upgrade without making sure that it will not adversely affect their system. If a sysadmin does that and screws up then its their fault not cpanels. Our servers are not for public hosting and only host our code and this new verison of php would help us out a lot.

Agreed. That's all it ever is... an option! I know I'm ready to upgrade, and to take advantage of the sweet features 5.3.1 has to offer.

**bz029** · 11-26-2009 07:02 PM

Really interested in PHP 5.3.1 via WHM upgrade.

**dohpaz42** · 11-28-2009 08:33 PM

I just wanted to add in my enthusiasm for having PHP 5.3.x support in cPanel/WHM. I understand, and respect, that there are scripts out there that will be broken. But, unless cPanel is one of these softwares (which it would really be nice to be told one way or the other if it is or isn't), then I personally do not see why 5.3.x cannot be added to the option list. Just because it is there doesn't mean people will automatically upgrade to it. And if cPanel really wants to cover their collective selves, then put a very strong message to users making them fully aware that upgrading is not recommended or supported since there are potential bc issues. But holding back a version because of third party software is not a good thing, especially when most people on this thread have already acknowledged that they are willing to accept the responsibility for their decision (myself included). Thank you, and either way, I can't wait for 5.3.x support!

**javamorg** · 11-29-2009 02:42 PM

You should get rid of "we have to test" stuff...

there is a really danger DoS exploit out there..
PHP "multipart/form-data" Denial of Service Exploit (Python)

Want 5.3.1 now...

**Datcrack** · 11-29-2009 03:13 PM

Just came to say the same. We need 5.3.1 right away. Or perhaps if there's a patch for 5.2.x it would be sufficient. But cPanel needs to act now.

**webjawns.com** · 11-29-2009 10:28 PM

Timeline??

**DomineauX** · 12-01-2009 11:36 AM

Any update yet on PHP 5.3.1 availability?

**yayyo** · 12-01-2009 05:53 PM

+1 for option to upgrade to PHP 5.3.1 - thanks.

Borken scripts have gotta be a better choice than "in the wild" DOS/exploit.

**javamorg** · 12-02-2009 04:53 PM

up !!!

**cPanelDon** · 12-02-2009 11:13 PM

Originally Posted by javamorg

You should get rid of "we have to test" stuff...

there is a really danger DoS exploit out there..
PHP "multipart/form-data" Denial of Service Exploit (Python)

Want 5.3.1 now...

Quality Assurance testing is an essential requirement. The issue described is expected to be addressed by the addition of a php.ini directive ("max_file_uploads") in the upcoming PHP version 5.2.12 upon its final release; related to the upcoming version, we have completed initial testing of PHP 5.2.12RC3 per internal case ID #35835.

Originally Posted by Datcrack

Just came to say the same. We need 5.3.1 right away. Or perhaps if there's a patch for 5.2.x it would be sufficient. But cPanel needs to act now.

Regarding patching the existing PHP version 5.2.11 this is being actively tracked in the following internal case ID: #35955

Originally Posted by yayyo

+1 for option to upgrade to PHP 5.3.1 - thanks.

Borken scripts have gotta be a better choice than "in the wild" DOS/exploit.

Please note that at any time you may apply preventative measures, such as one or both of the following steps:

1.) Disable file uploads via php.ini setting:

Code:

file_uploads = Off

2.) If needing to allow file uploads, then you could use Suhosin that is available in EasyApache and enable enforcement via php.ini setting:

Code:

suhosin.simulation = Off

Optionally, you may customize the Suhosin php.ini setting "suhosin.upload.max_uploads" that defaults to 25, which is similar to the PHP 5.3.1 default of 20 for "max_file_uploads":

Code:

suhosin.upload.max_uploads = 25

Related reference: CVE - CVE-2009-4017 (under review)

**DjiXas** · 12-03-2009 03:49 AM

Will PHP 5.3.1 be implemented within few weeks or it will take 1 year + just like MySQL 5.1?

**webjawns.com** · 12-03-2009 07:19 PM

I don't understand why we ONLY got a response about 5.2.12 and the max_file_uploads directive, and nothing related to 5.3.x... come on cPanel! It's obvious that there is a huge demand for this. Can we have a timeline?

**cPanelDon** · 12-03-2009 07:53 PM

Originally Posted by webjawns.com

I don't understand why we ONLY got a response about 5.2.12 and the max_file_uploads directive, and nothing related to 5.3.x... come on cPanel! It's obvious that there is a huge demand for this. Can we have a timeline?

The reply was in direct response to the specific security-related concern expressed by the quoted posts and why "5.3.1" is not the only solution as could have been inferred.

Please be aware there is no ETA available; however, we understand this is a heavily-desired enhancement to include support for PHP version series 5.3 and with that it is given appropriate priority. It is not an acceptable level of quality to release something before it is ready; we strive to ensure components such as this are fully supported when used with cPanel/WHM and due to the significant, major changes in PHP 5.3 this required extensive review and testing and where applicable development time, more so than a typical minor version update of PHP.

Your continued patience is very much appreciated, and with this please know we are working expeditiously to ensure the utmost quality of release and to ensure full support upon inclusion of PHP series 5.3 into the main branch of EasyApache.

**DjiXas** · 12-06-2009 10:38 AM

Can we expect it before Christmas begins?

LinkBack

Thread Tools

PHP 5.3.1 Support

Exploit...

Individual php.ini files for PHP FCGI and PHP CGI

Two php extentions (index.php.php)

No Zend support for php 5.2, and still with application/x-httpd-php errors aftr upgrd

New VPS site loading but clicking php link just redirect to index.php

php safe_mode on and /usr/lib/php/DB.php error