Status
Not open for further replies.

DReade83

Well-Known Member
Oct 20, 2006
196
0
166
Cheshire, UK
Are there any updates on this? Just it's been nearly a week but despite there being security fixes, nothing has been added to EA3 yet.
 

BrianDHall

Registered
Jun 24, 2009
1
0
51
PCI Compliance issue

Hi, I registered on the forums just to add my request to this as well. The lack of update to PHP 5.2.10 is a PCI Compliance violation according to the Approved Scanning Vendor, so anyone who needs to be PCI compliant will either need to manually build Apache with the new PHP (which I would really like to avoid) or try to convince their processors/ASV that 'no, really, it's not a big deal...it'll be patched within 30 days, surely...'.

So much appreciation if this can be patched, even in the Edge version would at least provide an option other than DIY Apache.

Thanks so much!

-Brian
Web Developer and System Administrator
 

tristanperry

Member
Nov 20, 2008
11
0
51
Yes, any update on this?

A full week without applying a security fix that also is necessary for PCI compliance seems pretty long?
 

tristanperry

Member
Nov 20, 2008
11
0
51
Any updates?
I contacted cPanel customer service about this yesterday.

They said that they have to test this a lot due to the various combinations etc, *however* there's a good possibility that PHP 5.2.10 will be released onto the test EasyApache branch within the next 24-48 hours (they said maybe sometime today, 25th June, although obviously with development numerous errors could delay that).

So later today I'll run the EDGE build and try out the test EasyApache branch ("To use the test branch, on the first screen of EasyApache in WHM click on the small "Help" link at the top of the page. Then check the option "Use test branch" and click the submit button at the bottom of the screen.")
 

DReade83

Well-Known Member
Oct 20, 2006
196
0
166
Cheshire, UK
Shouldn't cPanel be telling their customers this themselves? I'm a bit surprised that a week after the release and it's still not available to us yet. Why?

There are security fixes in this update - I hope they're setting aside their project work and working solely on getting PHP upgraded - because it feels like to me that's just not happening!
 

tristanperry

Member
Nov 20, 2008
11
0
51
I'm just resigned to waiting this out at the moment.

Annoyingly, I needed to become PCI compliant (well, get the scan certificate) yesterday. But all the scans now auto-fail you for running PHP 5.2.10. Doh!

I'm just hoping that they get it on the test branch today :)
 

Specks

Well-Known Member
Jul 3, 2004
68
0
156
Don't you mean that you're failed for not running 5.2.10? I'm getting failed for not running 5.2.10 and I needed to make the upgrade yesterday. My client is coming down on me to get this fixed.
 

tristanperry

Member
Nov 20, 2008
11
0
51
> Don't you mean that you're failed for not running 5.2.10? I'm getting failed for not running 5.2.10 and I needed to make the upgrade yesterday. My client is coming down on me to get this fixed.

Doh sorry, yes I meant to add a "not" in there :) ("For not running"..)
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
> Shouldn't cPanel be telling their customers this themselves? I'm a bit surprised that a week after the release and it's still not available to us yet. Why?
>
> There are security fixes in this update - I hope they're setting aside their project work and working solely on getting PHP upgraded - because it feels like to me that's just not happening!

Only one security fix mentioned that I noticed.

Security Fixes
- Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)

PHP: PHP 5 ChangeLog

Update: Bug 9321 - PHP 5.2.10 Released

> However I'm a little confused regarding Kenneth's quick fix. Disabling Exif support isn't a workaround - what if the application you're running requires it? Surely that would break it??

Like a gallery? What harm will it cause to disable exif to get past PCI compliance?
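The version check the scanners in this thread are effectively making, combined with the Exif workaround discussed above, as an added example that is not part of any post here. `version_lt` and `triage_exif` are hypothetical helper names, the module list is constructed sample input, and the 5.2.10 threshold comes from the changelog entry quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Triage a host for PHP bug #48378
# (exif_read_data() segfault), which the quoted changelog lists as fixed in
# 5.2.10. Helper names are hypothetical; the threshold is for the 5.2 branch.
FIXED_IN="5.2.10"

# version_lt A B: succeed when dotted version A is numerically older than B.
# A plain string compare gets this wrong: "5.2.10" sorts before "5.2.9".
version_lt() {
    va=$1; vb=$2
    for i in 1 2 3; do
        a=${va%%.*}; b=${vb%%.*}
        a=${a%%[!0-9]*}; b=${b%%[!0-9]*}   # drop suffixes such as "-pl1"
        a=${a:-0}; b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 1                               # equal versions are not older
}

# triage_exif VERSION MODULES: MODULES is the text printed by `php -m`.
triage_exif() {
    if ! version_lt "$1" "$FIXED_IN"; then
        echo "patched"
    elif printf '%s\n' "$2" | grep -qix 'exif'; then
        echo "exposed"      # old build with the Exif extension loaded
    else
        echo "mitigated"    # old build, Exif off: exif_read_data() callers will fail
    fi
}

# Constructed sample input standing in for `php -m` output.
SAMPLE_MODULES='[PHP Modules]
date
exif
gd'

# On a live host:
#   triage_exif "$(php -r 'echo PHP_VERSION;')" "$(php -m)"
```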
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
Oh good grief, we already upgraded all of our servers to 5.2.10 more than a week ago when the new PHP version was originally announced! :eek:

(And this thread would be precisely the reason, that we manually compile PHP!)

Incidentally, 5.2.10 is a minor update and a seamless drop-in replacement
for 5.2.9 without any troubles whatsoever and we even have Suhosin
patch and module for 5.2.10 loaded in the new PHP already.

For those who haven't compiled PHP before, it's pretty straightforward ...

1. wget the source (find link on php.net download site)

2. unpack the archive you downloaded (tar zxvf php-5.2.10.tgz, etc)

3. Run ./configure in your PHP source with whatever options you find
in your current phpinfo() screen and whatever additional options
you may want to append to that (See ./configure --help for a list).

4. Run "make" to compile and then "make test" to test your build.

5. Run "make install" to install

That is pretty much the extent of it in a nutshell.
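Steps 3 and 4 above as a script, added here as an example and not part of the original post: it recovers the existing build's options from the `Configure Command` line of `php -i` (the command-line form of the phpinfo() screen) so the new binary is configured like the one it replaces. `configure_args_from_phpinfo`, `build_php` and the sample line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: steps 3 and 4 of the list above.
# Function names are hypothetical; the sample line is constructed.

# configure_args_from_phpinfo: read `php -i` text on stdin and print the
# options the running PHP was built with, one per line, without './configure'.
configure_args_from_phpinfo() {
    sed -n 's/^Configure Command => *//p' |
        grep -o "'[^']*'" |        # each single-quoted token, inner spaces kept
        sed "s/^'//; s/'\$//" |
        grep -vxF './configure'
}

# build_php SRC_DIR: configure with the recovered options, compile and test.
# Step 5 (make install) is left to the operator after reading the test summary.
build_php() {
    src=$1
    args=$(php -i | configure_args_from_phpinfo) || return 1
    set --
    while IFS= read -r opt; do
        set -- "$@" "$opt"
    done <<EOF
$args
EOF
    # NO_INTERACTION=1 suppresses the test runner's end-of-run prompt.
    ( cd "$src" && ./configure "$@" && make && NO_INTERACTION=1 make test )
}

# Constructed sample of the relevant `php -i` lines (not from a real host).
SAMPLE_PHPINFO="PHP Version => 5.2.9
Configure Command =>  './configure'  '--enable-exif' '--with-gd' '--prefix=/usr/local'"

# Usage on a real host, after unpacking the source (step 2):
#   build_php ./php-5.2.10
```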
 

DjiXas

Well-Known Member
Feb 10, 2007
294
0
166
For those who want to check if new version was already pushed:

Code:
/scripts/easyapache --latest-versions
 