Discover Centmin Mod today
Register Now

PHP Security PHP 7.3.5, 7.2.18, 7.1.29 Security Updates

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, May 1, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:49 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    PHP has released security updates for PHP 7.1.29, 7.2.18 and 7.3.5 versions. Full instructions on using Centmin Mod 123.09beta01's centmin.sh menu option 5 to update your server's PHP (php-fpm) versions are outlined at https://community.centminmod.com/th...y-updates-backported-fixes-php-5-6-7-0.17381/. Paying attention to section titled Updating PHP On Centmin Mod LEMP Stacks for differences between max PHP 7.x supported versions for 123.08stable versus 123.09beta01.

    PHP Change Logs
    Code (Text):
    --------------------------------------------------------
        Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 5
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    

    Code (Text):
    PHP Upgrade/Downgrade - Would you like to continue? [y/n] y
    
    ----------------------------------------------------------------
    Install which version of PHP? (version i.e. 5.6.40, 7.0.33, NGDEBUG)
    PHP 7.x/7.1.x/7.2.x/7.3.x is GA Stable but still may have broken PHP extensions.
    NGDEBUG is PHP 7.4.0 dev builds minus incompatible PHP extensions
    ----------------------------------------------------------------
    
    Current PHP Version: 7.3.4
    
    Enter PHP Version number you want to upgrade/downgrade to: 7.3.5
    
    Do you still want to continue? [y/n] y
    
    ----------------------------------------------------------------
    existing php.ini will be backed up at /usr/local/lib/php.ini-oldversion_010519-083742
    Want to update to latest php.conf ? (overwrites will auto backup existing php.conf)
    existing php.conf will be backed up at /usr/local/nginx/conf/php.conf-oldversion_010519-083742
    ----------------------------------------------------------------
    Update & overwrite your existing php.conf [y/n]: n
    ----------------------------------------------------------------
    

    Code (Text):
    -----------------------------------------------------------------------------------------
    Detected PHP 7.3 branch.
    You can compile Zend OPcache (Zend Optimizer Plus+) support
    as an alternative to using APC Cache or Xcache cache.
    But Zend OPcache only provides PHP opcode cache and
    DOESN'T do data caching, so if your web apps such as Wordpress,
    Drupal or vBulletin require data caching to APC or Xcache,
    it won't work with Zend OPcache.
    
    -----------------------------------------------------------------------------------------
    Do you want to use Zend OPcache [y/n] ? y
    
    *************************************************
    * Zend Optimizer Plus OPcache configured
    *************************************************
    
    PHP 7+ detected which uses newer mysqlnd
    or PDO MySQL extensions and removed the
    legacy mysql extension. You can optionally
    re-add the removed legacy mysql extension
    to PHP 7+ by answering yes to next question
    Only answer yes if you know for sure you
    have very old web scripts which need mysql
    legacy extension re-added. Otherwise answer
    no which is recommended for best stability
    
    Re-add legacy mysql extension to PHP 7+ [y/n] ? n
    

    Code (Text):
    php -v
    PHP 7.3.5 (cli) (built: May  1 2019 08:40:25) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.5, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.3.5, Copyright (c) 1999-2018, by Zend Technologies
    
     
  2. GASTAN

    GASTAN Member

    53
    9
    8
    Jun 28, 2017
    Ratings:
    +11
    Local Time:
    8:49 PM
    backporting to 5.6 means, I have to recompile 5.6.40 to get latest fixes, but version number stays the same?
    Just choose menu option 5 and type in 5.6.40, correct?
     
  3. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:49 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup recompile 5.6.40 via centmin.sh menu option 5, will get you all the critical backported fixes to date from PHP 7.1.29 :)
     
    • Like Like x 1
    style="display:inline-block;min-width:400px;max-width:970px;width:95%;height:90px" data-ad-client="ca-pub-6669518204467592" data-ad-slot="4024536743" data-ad-format="auto">
  4. GASTAN

    GASTAN Member

    53
    9
    8
    Jun 28, 2017
    Ratings:
    +11
    Local Time:
    8:49 PM
    done, thx
     
    • Like Like x 1
  5. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:49 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    FYI, updated centmin mod 123.09beta01 with backported PHP 7.3.4 to 7.3.6 fix from PHP 7.3.7 for PHP segmentation faults in mysqlnd extension - https://community.centminmod.com/th...x-into-php-7-3-4-7-3-6-in-123-09beta01.17560/.

    To update, you can run centmin 123.09beta01 updated code via cmupdate command and then run centmin.sh menu option 5 php upgrade/recompile when you specify PHP 7.3.4, 7.3.5, or 7.3.6 version numbers (FYI PHP 7.3.6 isn't out yet but yet it is, this update with auto patch fix that version too).
     
  6. BamaStangGuy

    BamaStangGuy Active Member

    568
    170
    43
    May 25, 2014
    Ratings:
    +231
    Local Time:
    1:49 PM
    So 7.3.6 is out and final?
     
  7. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:49 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    not yet PHP 7.3.6 isn't final yet so you'd need to wait but PHP 7.3.4, 7.3.5 and even 7.3.6 don't have this bugfix by default - only Centmin Mod 123.09beta01 latest update has backported the fix for 7.3.4 and 7.3.5 recompiles/installs and whenever 7.3.6 is released will also get auto backported patch fix Beta Branch - backport PHP 7.3.7 due bug fix into PHP 7.3.4-7.3.6 in 123.09beta01. So Centmin Mod has backported a fix 2 minor versions ahead of current stable PHP 7.3.5 :D
     
    • Like Like x 2
  8. EckyBrazzz

    EckyBrazzz Active Member

    459
    90
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +170
    Local Time:
    3:49 PM
    1.17.x
    10.3.x
    haha, to bad. No go
    Code (Text):
    *************************************************
    * Upgrading PHP
    *************************************************
     ____   _   _  ____       ____                          _                    _
    |  _ \ | | | ||  _ \  _  |  _ \   ___ __      __ _ __  | |  ___    __ _   __| |
    | |_) || |_| || |_) |(_) | | | | / _ \\ \ /\ / /| '_ \ | | / _ \  / _` | / _` |
    |  __/ |  _  ||  __/  _  | |_| || (_) |\ V  V / | | | || || (_) || (_| || (_| |
    |_|    |_| |_||_|    (_) |____/  \___/  \_/\_/  |_| |_||_| \___/  \__,_| \__,_|
                                                                                   
    HTTP/1.1 404 Not Found
    Initializing download: https://www.php.net/distributions/php-7.3.6.tar.xz
    HTTP/1.1 404 Not Found
    Error: php-7.3.6.tar.xz download failed.
    
     
  9. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:49 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    not yet
     
    • Informative Informative x 1
  10. EckyBrazzz

    EckyBrazzz Active Member

    459
    90
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +170
    Local Time:
    3:49 PM
    1.17.x
    10.3.x
    Sorry @eva2000 guess I have to read better, but there is so much here to read on CMM, it just never ends:)
     
    • Like Like x 1