Hi,
When can we expect it on easyapache?
There are a number of very important security fixes in PHP 5.2.7, so hopefully we'll see it soon.
I think it just was set to "in progress" status.
With the following on the 5.2.7 release page at php.net...
Code:
Due to unfortunate regressions installing 5.2.7 is highly discouraged
... I am a little confused as to the rush.
Yes, it might introduce several security fixes, but it also introduces a known regression problem that needs a specific entry into the php.ini file.
Now, for those who run suphp / suEXEC and happen to have php.ini files in user directories for any reason then "rushing" into this release and finding all the php.ini files on a system and adding the recommended config to the file is a fair bit of work - especially when it comes to the next upgrade and then going and subsequently stripping out the php.ini "fix" for this known problem.
Do it once, do it right or do it wrong and do it often.....
The bug in 5.2.7 can be worked around with a setting in php.ini apparently.
Besides: There is absolutely nothing wrong with having security fixes pushed out as fast as possible, even if it in this case was a new bug presented with the release.
Sometimes it can be wise to wait with updates if they are not security related. The latest MySQL release is such a case.
It looks like PHP 5.2.7, while patching a number of critical security holes, is itself broken in a potentially big way.
http://www.suspekt.org/2008/12/07/ph...es_gpc-broken/
According to that source:
"The fix for this was already committed to the PHP CVS and PHP 5.2.8 will be released next week."
So it looks like we won't have long to wait for PHP 5.2.8, at least.
Irony. They've released like 6 or 5 release candidates and delayed it to make sure there are no bugs left...
From http://php.net
PHP 5.2.7 has been removed from distribution
[07-Dec-2008] Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.
Susan,
Whplus - Web Hosting Murah
http://www.whplus.com
PHP 5.2.8 Released!
[08-Dec-2008]
The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.
Bug: 8277
http://bugzilla.cpanel.net/show_bug.cgi?id=8277
Last edited by Ivan A; 12-08-2008 at 04:43 PM.
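The per-user php.ini audit that the suPHP / suEXEC discussion above calls for, as an added example (not code from this thread, cPanel or php.net): it finds every php.ini under a directory and reports which files carry the filter.default_flags=0 work-around, which still need it, and which need nothing. The user names and directory layout are constructed, and an unset magic_quotes_gpc is counted as on, which is PHP 5.2's built-in default.

```shell
#!/bin/sh
# ini_value FILE KEY: print the last uncommented value of KEY in FILE,
# lower-cased and trimmed, or "(unset)" if the key never appears.
ini_value() {
    awk -v key="$2" '
        BEGIN { val = "(unset)" }
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)            # drop ";" comments
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = tolower(v)          # last occurrence wins
        }
        END { print val }
    ' "$1"
}

# audit_php_ini ROOT: one "<STATUS> <path>" line per php.ini under ROOT.
#   WORKAROUND  filter.default_flags=0 present (strip it again after 5.2.8)
#   NEEDS-FIX   magic_quotes_gpc on (or unset) and no work-around
#   NO-ACTION   magic_quotes_gpc explicitly off and no work-around
audit_php_ini() {
    find "$1" -type f -name php.ini | sort | while IFS= read -r f; do
        flags=$(ini_value "$f" filter.default_flags)
        mq=$(ini_value "$f" magic_quotes_gpc)
        case "$mq" in off|no|false|none|0|"") mq_on=no ;; *) mq_on=yes ;; esac
        if [ "$flags" = "0" ]; then echo "WORKAROUND $f"
        elif [ "$mq_on" = yes ]; then echo "NEEDS-FIX $f"
        else echo "NO-ACTION $f"; fi
    done
}

# Constructed sample tree standing in for /home on a suPHP server.
make_sample() {
    root=$(mktemp -d)
    for u in alice bob carol; do mkdir -p "$root/$u/public_html"; done
    printf '%s\n' 'magic_quotes_gpc = On' > "$root/alice/public_html/php.ini"
    printf '%s\n' 'magic_quotes_gpc = On' 'filter.default_flags = 0 ; 5.2.7 work-around' \
        > "$root/bob/public_html/php.ini"
    printf '%s\n' ';filter.default_flags = 0' 'magic_quotes_gpc = Off' \
        > "$root/carol/public_html/php.ini"
    echo "$root"
}

sample=$(make_sample)
audit_php_ini "$sample"
rm -rf "$sample"
```

After the move to 5.2.8, the WORKAROUND lines are the list of files the work-around still has to be stripped from.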
Security Metrics is already screaming about php 5.2.8
Solution: Upgrade to PHP version 5.2.8 or later. Note that 5.2.7 was been removed from distribution because of a regression in that version that results in the 'magic_quotes_gpc' setting remaining off even if it was set to on.