1 |
Tanstaafl <tanstaafl <at> libertytrek.org> writes: |
2 |
|
3 |
|
4 |
> I have a VM running in the cloud that has an old web/php app (10+ years |
5 |
> old, believe it or not), that still runs fine on apache 2.2.25, but I |
6 |
> pinned php to 5.3 some time ago. |
7 |
|
8 |
googling for "vulnerabilities in php 5.3" |
9 |
yeilded many interesting links. Here is one: |
10 |
|
11 |
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-97802/PHP-PHP-5.3.3.html |
12 |
|
13 |
|
14 |
|
15 |
> Does anyone see any big potential gotchas (major changes) with php 5.4, |
16 |
> or even 5.5, if I were to upgrade it? |
17 |
|
18 |
Security wise, there are many tools for testing the security of |
19 |
your web server, hopefully, you are concurrent on your server |
20 |
testing: |
21 |
|
22 |
http://projects.webappsec.org/w/page/13246988/Web Application Security |
23 |
Scanner List |
24 |
|
25 |
open source list at the bottom.... |
26 |
|
27 |
|
28 |
|
29 |
Google for php-<version>-bugs to see if any related to your |
30 |
servers. |
31 |
|
32 |
If what you have done is secure, then it *should* be ok, just |
33 |
monitor and watch your logs closely for a while. |
34 |
|
35 |
hth, |
36 |
James |