- Status
Cpanel usually adds updates like this pretty fast, especially when there's security enhancements involved.
Are there any updates on this? Just it's been nearly a week but despite there being security fixes, nothing has been added to EA3 yet.
PCI Compliance issue
Hi, I registered on the forums just to add my request to this as well. The lack of update to PHP 5.2.10 is a PCI Compliance violation according to the Approved Scanning Vendor, so anyone who needs to be PCI compliant will either need to manually build apache with the new PHP (which I would really like to avoid) or try to convince their processors/ASV that 'no, really, its not a big deal...it'll be patched within 30 days, surely...'.
So much appreciation if this can be patched, even in the Edge version would at least provide an option other than DIY Apache.
Thanks so much!
-Brian
Web Developer and System Administrator
Hi, I registered on the forums just to add my request to this as well. The lack of update to PHP 5.2.10 is a PCI Compliance violation according to the Approved Scanning Vendor, so anyone who needs to be PCI compliant will either need to manually build apache with the new PHP (which I would really like to avoid) or try to convince their processors/ASV that 'no, really, its not a big deal...it'll be patched within 30 days, surely...'.
So much appreciation if this can be patched, even in the Edge version would at least provide an option other than DIY Apache.
Thanks so much!
-Brian
Web Developer and System Administrator
Yes, any update on this?
A full week without applying a security fix that also is necessary for PCI compliance seems pretty long?
A full week without applying a security fix that also is necessary for PCI compliance seems pretty long?
I contacted cPanel customer service about this yesterday.
They said that they have to test this a lot due to the various combinations etc, *however* there's a good possibility that PHP 5.2.10 will be released onto the test EasyApache branch within the next 24-48 hours (they said maybe sometime today, 25th June, although obviously with development numerous errors could delay that).
So later today I'll run the EDGE build and try out the test EasyApache branch ("To use the test branch, on the first screen of EasyApache in WHM click on the small "Help" link at the top of the page. Then check the option "Use test branch" and click the submit button at the bottom of the screen.")
Shouldn't cPanel be telling their customers this themselves? I'm a bit surprised that a week after the release and it's still not available to us yet. Why?
There are security fixes in this update - I hope they're setting aside their project work and working solely on getting PHP upgraded - because it feels like to me that's just not happening!
There are security fixes in this update - I hope they're setting aside their project work and working solely on getting PHP upgraded - because it feels like to me that's just not happening!
Update: Bug 9321 - PHP 5.2.10 Released
However I'm a little confused regarding Kenneth's quick fix. Disabling Exif support isn't a workaround - what if the application you're running requires it? Surely that would break it??
However I'm a little confused regarding Kenneth's quick fix. Disabling Exif support isn't a workaround - what if the application you're running requires it? Surely that would break it??
I'm just resigned to waiting this out at the moment.
Annoyingly, I needed to become PCI compliant (well, get the scan certificate) yesterday. But all the scans now auto-fail you for running PHP 5.2.10. Doh!
I'm just hoping that they get it on the test branch today
Annoyingly, I needed to become PCI compliant (well, get the scan certificate) yesterday. But all the scans now auto-fail you for running PHP 5.2.10. Doh!
I'm just hoping that they get it on the test branch today
Infopro
Well-Known Member
Only one security fix mentioned that I noticed.
■Security Fixes
■Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
PHP: PHP 5 ChangeLog
Like a gallery? What harm will it cause to disable exif to get past PCI compliance?
Oh good grief, we already upgraded all of our servers to 5.2.10 more than a week ago when the new PHP version was originally announced!
(And this thread would be precisely the reason, that we manually compile PHP!)
Incidentally, 5.2.10 is a minor update and seamlessly drop in replaceable
to 5.2.9 without any troubles whatsoever and we even have SuHosin
patch and module for 5.2.10 loaded in the new PHP already.
For those who haven't compile PHP before, it's pretty straightforward ...
1. wget the source (find link on php.net download site)
2. unpack the archive you downloaded (tar zxvf php-5.2.10.tgz, etc)
3. Run ./configure in your PHP source with whatever options you find
in your current phpinfo() screen and whatever additional options
you may want to append to that (See ./configure --help for a list).
4. Run "make" to compile and then "make test" to test your build.
5. Run "make install" to install
That is pretty much the extent of it in a nutshell.
(And this thread would be precisely the reason, that we manually compile PHP!)
Incidentally, 5.2.10 is a minor update and seamlessly drop in replaceable
to 5.2.9 without any troubles whatsoever and we even have SuHosin
patch and module for 5.2.10 loaded in the new PHP already.
For those who haven't compile PHP before, it's pretty straightforward ...
1. wget the source (find link on php.net download site)
2. unpack the archive you downloaded (tar zxvf php-5.2.10.tgz, etc)
3. Run ./configure in your PHP source with whatever options you find
in your current phpinfo() screen and whatever additional options
you may want to append to that (See ./configure --help for a list).
4. Run "make" to compile and then "make test" to test your build.
5. Run "make install" to install
That is pretty much the extent of it in a nutshell.
- Status
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
|
Zend Guard for PHP 5.4 released | Web Servers and Applications | 15 | |
| D | PHP 5.2.11 Released | Web Servers and Applications | 21 | |
| D | PHP 5.3 Released! | Web Servers and Applications | 5 | |
| A | PHP 4.4.9 Released | Web Servers and Applications | 0 | |
|
PHP 4.4.8 Released, should I just wait? | Web Servers and Applications | 4 |