From: Lonnie A. <li...@lo...> - 2022-04-12 13:56:35
Hi Michael,

Is this vulnerability check based on a specific CVE or just the fact there are bigger version numbers of PHP available?

Looking at Debian security PHP:
https://security-tracker.debian.org/tracker/source-package/php7.4

There may be one CVE fix we could backport, though Debian opted to ignore it. Some of the CVEs affect modules we don't build like "soap", one only applies to 7.4+, one only to Windows.

If there is a specific CVE of concern in PHP, please point it out.

If this is just some high-level mandates, like PHP >= 7.4 good, PHP < 7.4 bad, then I have a hard time working with that.

One issue with upgrading to PHP 7.4 is the internal libzip is no longer supported, and libzip dropped autoconf support with versions > 1.3.2 and switched to only cmake.

Again, if there is a CVE of concern, please let me know.

Lonnie

> On Apr 12, 2022, at 12:59 AM, Michael Knill <mic...@ip...> wrote:
>
> Hi Devs
>
> One of our major wholesale providers has performed a vulnerability check on our Astlinux system and identified a few Medium and High vulnerabilities.
> Pretty sure we have rectified all the Mediums but the High one is the PHP version now not supported. Unfortunately there will be significant repercussions if I cannot get this sorted.
>
> So basically I need to go to PHP 7.4 which will take us to November or go to 8.x which I understand will require some significant changes to the current PHP code.
> Do I have any other option than to roll my own image? If not then I'm certainly going to need to outsource this task as we don't have the in-house skills (or time).
>
> Thanks all.
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: mic...@ip...
> W: ipcsolutions.com.au
>
> Smarter Business Communications
>
> _______________________________________________
> Astlinux-devel mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-devel