| 1 |
Tanstaafl <tanstaafl <at> libertytrek.org> writes: |
| 2 |
|
| 3 |
|
| 4 |
> I have a VM running in the cloud that has an old web/php app (10+ years |
| 5 |
> old, believe it or not), that still runs fine on apache 2.2.25, but I |
| 6 |
> pinned php to 5.3 some time ago. |
| 7 |
|
| 8 |
googling for "vulnerabilities in php 5.3" |
| 9 |
yeilded many interesting links. Here is one: |
| 10 |
|
| 11 |
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-97802/PHP-PHP-5.3.3.html |
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
> Does anyone see any big potential gotchas (major changes) with php 5.4, |
| 16 |
> or even 5.5, if I were to upgrade it? |
| 17 |
|
| 18 |
Security wise, there are many tools for testing the security of |
| 19 |
your web server, hopefully, you are concurrent on your server |
| 20 |
testing: |
| 21 |
|
| 22 |
http://projects.webappsec.org/w/page/13246988/Web Application Security |
| 23 |
Scanner List |
| 24 |
|
| 25 |
open source list at the bottom.... |
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
Google for php-<version>-bugs to see if any related to your |
| 30 |
servers. |
| 31 |
|
| 32 |
If what you have done is secure, then it *should* be ok, just |
| 33 |
monitor and watch your logs closely for a while. |
| 34 |
|
| 35 |
hth, |
| 36 |
James |
Archives