
PHP 4.4.3 Released

Discussion in 'General Discussion' started by Bulent Tekcan, Aug 4, 2006.

  1. Bulent Tekcan

    PHP 4.4.3 Released

    [03-Aug-2006] The PHP development team is proud to announce the release of PHP 4.4.3. This release combines a small number of bug fixes and resolves a number of security issues. Some of the key changes of PHP 4.4.3 include:

    Disallow certain characters in session names.
    Fixed a buffer overflow inside the wordwrap() function.
    Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
    Improved safe_mode check for the error_log() function.
    Fixed cross-site scripting inside the phpinfo() function.
    Fixed offset/length parameter validation inside the substr_compare() function.
    Upgraded bundled PCRE library to version 6.6
    Over 20 various bug fixes.
    Further details about this release can be found in the release announcement and the full list of changes is available in the PHP 4 ChangeLog.
     
  2. bornonline

  3. aww

    I take it that "easy apache" is how cpanel auto-updates on a server?
    My host always responds that cpanel will update itself as soon as "so and so" is available when I ask about a security upgrade to "so and so".

    Currently waiting for apache 1.3.37 and now php 4.4.3.

    Is there somewhere I can view what the latest auto-updates available for cpanel are, to make sure my host is not slacking (or the auto-update failed)? (I realize I won't be able to download, just want to see the most recent numbers.)

    If my server auto-updates, why is it still running php 4.4.1? Is that all cpanel is up to and not 4.4.2?

    Here's what's on there now:
    Apache 1.3.36
    PHP 4.4.1
    mysql API 4.1.19

    Thanks for any ideas/help/etc.
     
  4. chirpy

    The cPanel update does not auto-update apache or PHP; you have to do that yourself by initiating a rebuild through easyapache. Apache v1.3.37 has been available for some days now. PHP v4.4.3 isn't available at the time of writing. You can only see what is available through WHM.
     
  5. lorio

  6. reggie

    PHP 4.4.3 Released ?

    I just did a cpanel update, but I still do not get an option to build apache with php 4.4.3; the latest version of php 4 still shows 4.4.2.
    So when will this update get out into the field?

    Regards, Reg.
     
  7. SageBrian

    Just note that some hosts don't jump at the very first minute the update is available. That might not be 'slacking'. They could be 'cautious' of bugs, and they might wait a couple days/weeks to see what happens with the guinea pigs.

    Of course, security patches should be installed as quickly as possible. But sequential upgrades might require some review to ensure they won't break important scripts. Note how many servers don't have Apache 2.0 or mySQL 5.

    Patient Vigilance is required.
     
  8. lorio

    The branches concept of cPanel is just made for that. To balance between security and stability. But as long as you compare an update from PHP 4.4.2 to 4.4.3 with an upgrade to MySQL5 and Apache2 we won't find a common sense.
     
  9. SageBrian

    Sorry about that. Wasn't comparing 4.4.3 to 5.0.
    And, writing it quickly, mixed up PHP with mySQL and my thumb with my butt, and my foot with my mouth.

    Instead was addressing not upgrading right away just because "the number is higher".

    Your "balance between security and stability" was exactly the words I was looking for.
     
    #9 SageBrian, Aug 7, 2006
    Last edited: Aug 7, 2006
  10. aww

    The security issues are fairly serious, so a minor update like this should not be postponed. Not upgrading could cause FAR more work (and loss) than not doing the patch. I would bet there are bots out there now just trolling for unpatched servers and there are thousands of cpanel servers just waiting.

    (and yes, comparing this kind of update to apache2 and mysql5 is silly)

    My host gave the excuse that they run the "release branch" so updates may take longer to be available? I would hope these updates are flagged "release" and not beta, etc.
     
  11. pjman

  12. sparek-3

    Maybe I'm wrong, but didn't some vulnerabilities in PHP 4.4.2 come out back in April or May? Granted, the new undisclosed vulnerabilities may be more serious, but if 4.4.2 was vulnerable back in April or May and you are still running 4.4.2, then you have been vulnerable since then. And I may be wrong completely in that regard, I thought there were some vulnerabilities back in the spring regarding the PHP4 tree.

    Of course, this isn't really a knock against CPanel, it's more of a knock against the PHP developers. If vulnerabilities were found in April or May and they are just now releasing a new version.
     
  13. pjman

    Right on, sparek-3.

    I did read about those weaknesses that were found and fixed in PHP 5, present in PHP 4, but never fixed until now.

    Pretty bad job by the PHP Devs.
     
  14. aww

    This kinda brings me back full circle to an original question I had.

    Since I am not a host (just a reseller) is there somewhere where I can at least read what the most current versions are in the "release" for cpanel updates? I don't expect to be able to download them but I would like to stay on top of it since my host doesn't seem to care. Is there a (semi)public status page of some kind?

    Thanks for any advice.
     
  15. chirpy

    No, there isn't - there's the changelog and that's it. You need access to WHM and the root functions to delve deeper into cPanel.
     
  16. arhs

    PHP 4.4.3 is now available in easyapache.
     
  17. dropby23

    there is no zend optimiser version, anyone having problems with zend or 3.0.1 is working fine with php 4.4.3?
     
  18. fleksi

    php4.4.3 works fine with zendopt 3.0.1
    Code:
    #php -v
    PHP 4.4.3 (cli) (built: Aug  8 2006 08:54:07)
    Copyright (c) 1997-2006 The PHP Group
    Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
        with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies
        with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies
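
Added example, not part of any post in this thread: a shell check that compares the version a server reports (as in the `php -v` output above) against the releases named in this thread, PHP 4.4.3 and Apache 1.3.37. The function names are hypothetical and the Apache banner line is a constructed sample; the comparison is numeric per field, so 4.4.10 correctly counts as newer than 4.4.3.

```shell
#!/bin/sh
# Minimum versions taken from this thread: PHP 4.4.3, Apache 1.3.37.

# Pull the first dotted version number out of a banner line such as
# "PHP 4.4.3 (cli) (built: ...)" or "Server version: Apache/1.3.36 (Unix)".
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# version_ge A B: succeeds when dotted version A >= B, comparing each
# field as a number (missing fields count as 0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_banner NAME BANNER MINIMUM: prints a status line.
# Returns 0 = at or above the minimum, 1 = outdated, 2 = no version found.
check_banner() {
    found=$(extract_version "$2")
    if [ -z "$found" ]; then
        echo "$1: UNKNOWN"
        return 2
    fi
    if version_ge "$found" "$3"; then
        echo "$1 $found: OK"
    else
        echo "$1 $found: OUTDATED (< $3)"
        return 1
    fi
}

# On a live server, pass "$(php -v | head -n 1)" instead of these samples.
# First banner is the one posted above; second is a constructed sample
# using the Apache version reported earlier in the thread.
check_banner "PHP" "PHP 4.4.3 (cli) (built: Aug  8 2006 08:54:07)" 4.4.3 || :
check_banner "Apache" "Server version: Apache/1.3.36 (Unix)" 1.3.37 || :
```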
    
     
  19. ffeingol

    My guess is dropby23 is asking because a bunch of us got burnt with the 3.0.0 Zend. It installed and ran fine initially, then crashed and brought down Apache during the 4:00 am cron jobs. Not a pleasant thing.

    Anyone know if there is eAccelerator support for 4.4.3 yet?

    Frank
     
  20. rikgarner

    Another good reason not to jump straight in - dependencies.

    We run a "development" server, which is running the Current tree, and our other servers run the Stable tree. Any updates like this always get pushed onto the devel box way before they are run across to the production systems.

    Rich
     