PHP Security PHP 7.3.5, 7.2.18, 7.1.29 Security Updates

PHP has released security updates for PHP 7.1.29, 7.2.18 and 7.3.5 versions. Full instructions on using Centmin Mod 123.09beta01's centmin.sh menu option 5 to update your server's PHP (php-fpm) versions are outlined at https://community.centminmod.com/th...y-updates-backported-fixes-php-5-6-7-0.17381/. Paying attention to section titled Updating PHP On Centmin Mod LEMP Stacks for differences between max PHP 7.x supported versions for 123.08stable versus 123.09beta01.

---

PHP Change Logs

• PHP 7.3.5 php/php-src
• PHP 7.2.18 php/php-src
• PHP 7.1.29 php/php-src

Code (Text):

--------------------------------------------------------
    Centmin Mod Menu 123.09beta01 centminmod.com
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB MySQL Upgrade & Management
12). Zend OpCache Install/Re-install
13). Install/Reinstall Redis PHP Extension
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2...
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Install/Re-Install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + Cache Plugin
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 5
--------------------------------------------------------

Code (Text):

Do you want to run YUM install checks ?  [y/n]

This will increase your upgrade duration time wise.
Check the change log centminmod.com/changelog.html
to see if any Nginx or PHP related new additions
which require checking YUM prequisites are met.
If no new additions made, you can skip the
YUM install check to speed up upgrade time.

 [y/n]: n

Code (Text):

PHP Upgrade/Downgrade - Would you like to continue? [y/n] y

----------------------------------------------------------------
Install which version of PHP? (version i.e. 5.6.40, 7.0.33, NGDEBUG)
PHP 7.x/7.1.x/7.2.x/7.3.x is GA Stable but still may have broken PHP extensions.
NGDEBUG is PHP 7.4.0 dev builds minus incompatible PHP extensions
----------------------------------------------------------------

Current PHP Version: 7.3.4

Enter PHP Version number you want to upgrade/downgrade to: 7.3.5

Do you still want to continue? [y/n] y

----------------------------------------------------------------
existing php.ini will be backed up at /usr/local/lib/php.ini-oldversion_010519-083742
Want to update to latest php.conf ? (overwrites will auto backup existing php.conf)
existing php.conf will be backed up at /usr/local/nginx/conf/php.conf-oldversion_010519-083742
----------------------------------------------------------------
Update & overwrite your existing php.conf [y/n]: n
----------------------------------------------------------------

Code (Text):

-----------------------------------------------------------------------------------------
Detected PHP 7.3 branch.
You can compile Zend OPcache (Zend Optimizer Plus+) support
as an alternative to using APC Cache or Xcache cache.
But Zend OPcache only provides PHP opcode cache and
DOESN'T do data caching, so if your web apps such as Wordpress,
Drupal or vBulletin require data caching to APC or Xcache,
it won't work with Zend OPcache.

-----------------------------------------------------------------------------------------
Do you want to use Zend OPcache [y/n] ? y

*************************************************
* Zend Optimizer Plus OPcache configured
*************************************************

PHP 7+ detected which uses newer mysqlnd
or PDO MySQL extensions and removed the
legacy mysql extension. You can optionally
re-add the removed legacy mysql extension
to PHP 7+ by answering yes to next question
Only answer yes if you know for sure you
have very old web scripts which need mysql
legacy extension re-added. Otherwise answer
no which is recommended for best stability

Re-add legacy mysql extension to PHP 7+ [y/n] ? n

Code (Text):

php -v
PHP 7.3.5 (cli) (built: May  1 2019 08:40:25) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.5, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.5, Copyright (c) 1999-2018, by Zend Technologies

 

yup recompile 5.6.40 via centmin.sh menu option 5, will get you all the critical backported fixes to date from PHP 7.1.29

 

FYI, updated centmin mod 123.09beta01 with backported PHP 7.3.4 to 7.3.6 fix from PHP 7.3.7 for PHP segmentation faults in mysqlnd extension - https://community.centminmod.com/th...x-into-php-7-3-4-7-3-6-in-123-09beta01.17560/.

To update, you can run centmin 123.09beta01 updated code via cmupdate command and then run centmin.sh menu option 5 php upgrade/recompile when you specify PHP 7.3.4, 7.3.5, or 7.3.6 version numbers (FYI PHP 7.3.6 isn't out yet but yet it is, this update with auto patch fix that version too).

 

not yet PHP 7.3.6 isn't final yet so you'd need to wait but PHP 7.3.4, 7.3.5 and even 7.3.6 don't have this bugfix by default - only Centmin Mod 123.09beta01 latest update has backported the fix for 7.3.4 and 7.3.5 recompiles/installs and whenever 7.3.6 is released will also get auto backported patch fix Beta Branch - backport PHP 7.3.7 due bug fix into PHP 7.3.4-7.3.6 in 123.09beta01. So Centmin Mod has backported a fix 2 minor versions ahead of current stable PHP 7.3.5

 

not yet