To: gentoo-user@lists.gentoo.org
From: James
Subject: [gentoo-user] Re: PHP 5.3, 5.4 and 5.5
Date: Thu, 2 Jan 2014 17:02:03 +0000 (UTC)

Tanstaafl libertytrek.org> writes:

> I have a VM running in the cloud that has an old web/php app (10+ years
> old, believe it or not), that still runs fine on apache 2.2.25, but I
> pinned php to 5.3 some time ago.

Googling for "vulnerabilities in php 5.3" yielded many interesting links.
Here is one:

http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-97802/PHP-PHP-5.3.3.html

> Does anyone see any big potential gotchas (major changes) with php 5.4,
> or even 5.5, if I were to upgrade it?

Security wise, there are many tools for testing the security of your
web server; hopefully, you are concurrent on your server testing:

http://projects.webappsec.org/w/page/13246988/Web Application Security Scanner List

Open source list at the bottom....

Google for php--bugs to see if any are related to your servers.

If what you have done is secure, then it *should* be ok; just monitor
and watch your logs closely for a while.

hth,
James