WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20. Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to […]
Posts Tagged PHP
As you may or may not be aware, on January 19th, 2019, a security announcement was published confirming the compromise of the PHP Extension and Application Repository (PEAR) installation script. The PEAR project had the following statement to announce: “A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered. The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the …
Our PHP versions popularity research – and unexpected results
The post Our PHP versions popularity research – and unexpected results appeared first on Plesk.
Joomla! 3.3.6 Released
The Joomla! Project is pleased to announce the immediate availability of Joomla 3.3.6. This is a maintenance release addressing issues with yesterday’s 3.3.5 release. This release addresses an issue related to the core update component, one regression in the user password reset process, and adds a fallback upgrade mechanism for the update component. This release is considered a security release since it includes two resolved security issues associated with 3.3.5. A 3.2.7 release is also available for users who are still using Joomla! 3.2 which addresses the security issues and the upgrade component bug.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.6 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.6 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.7 before being presented the 3.3.6 update.
Special Download Instructions
Because of the issue with the update component, users who are running 3.2.6 or 3.3.5 will be unable to update to the next release using Joomla’s update component. These users will be required to update their Joomla! installation via the Extension Manager. Instructions for updating via the Extension Manager can be found on the Joomla! Documentation Wiki. Users who are running Joomla! 3.3.0 through 3.3.4 and 3.2.5 or earlier will be able to update using the update component. The Joomla! Documentation wiki contains full instructions on how to update your site.
Joomla! 3.3.5 Released
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.3.5. This is a security release for the 3.x series of Joomla! and addresses two security issues in addition to several regressions introduced in the 3.3.4 release. A 3.2.6 release is also available for users who are still using Joomla! 3.2 which addresses the security issues.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.4 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.5 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.6 before being presented the 3.3.5 update.
EasyApache 3.26.3 Released
SUMMARY cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, …
Joomla! 3.3.3 Released
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.3.3. This is a maintenance release for the 3.x series of Joomla! and addresses issues introduced in 3.3.2 with the e-mail cloaking code and user configuration options not applying correctly.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.3 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.3 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.4 before being presented the 3.3.3 update.
Joomla! 3.3.2 Released
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.3.2. This is a maintenance release for the 3.x series of the Joomla! CMS.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.2 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.2 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.4 before being presented the 3.3.2 update.
(Jul 9) Several security issues were fixed in PHP.
EasyApache 3.24.22 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14. AFFECTED VERSIONS All versions of PHP 5.4 …
(Jun 25) An improvement was made for PHP FPM environments.
(Jun 23) Several security issues were fixed in PHP.
Criminals are running massive dedicated phishing campaigns against online dating sites, marking an interesting – but not unusual – shift in focus from the traditional phishing targets such as banks and other financial institutions. The most recent attack used a single compromised website to host hundreds of fraudulent PHP scripts, most of which were designed […]
Joomla! 3.3.1 Released
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.3.1. This is a maintenance release for the 3.x series of the Joomla! CMS.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.1 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.1 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.4 before being presented the 3.3.1 update.
EasyApache 3.24.19 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29. AFFECTED VERSIONS All versions of …
EasyApache 3.24.18 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.18 with PHP versions 5.5.12 and 5.4.28. This release addresses the PHP vulnerability CVE-2014-0185 with the fix to a bug in the FPM package. We encourage all PHP users to upgrade to PHP version 5.5.12 or PHP version 5.4.28. AFFECTED VERSIONS All versions of …
Joomla! 3.3.0 Released
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.2.4 and 3.3, the latest releases of the 3.x release series.
If you are currently running Joomla! 3.2 on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3 via either the one-click update or the update downloads available at http://www.joomla.org/download.html. For sites on servers with a version of PHP less than 5.3.10, 3.2.4 is the release for you. However, please talk to your host about updating to PHP 5.3.10+, which is easy to do. For other versions of the 3.x series, applying the update is recommended as soon as possible.
Note that in order to update directly to 3.3 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.4 before being presented the 3.3 update.
EasyApache 3.24.15 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI …
(Apr 7) PHP could be made to crash if it processed a specially crafted file.
The website of the Agency for the Safety of Aerial Navigation in Africa and Madagascar (ASECNA) has been hijacked by hackers. Browsing to the site’s homepage currently presents visitors with a PayPal phishing site, where visitors are asked to submit PayPal account details, including their password, address and credit card details. After entering these details, victims are redirected to the real PayPal website.
EasyApache 3.24.12 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26. AFFECTED VERSIONS All versions of PHP …
(Mar 3) Several security issues were fixed in PHP.
2/10/2014 Houston, TX – cPanel, Inc. has released EasyApache 3.24. This version removes Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life (EOL) items are no longer available in EasyApache. These items have been removed for the following reasons: They are no …
(Feb 5) Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-crafted one of those variables allowing her to load and [More…]
1/30/2014 Houston, TX – cPanel, Inc. tentatively plans to release EasyApache 3.24 in the very near future. This version will include the removal of Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life items will no longer be available in EasyApache. These …
The following issues were resolved:
[-] PHPMyAdmin did not show a remote database if the database name contained capital letters and underscore symbols. (PPPM-895)
[-] Migration failed if the migrated objects were already present on the destination server. (PPPM-919)
[-] When users created a subscription based on a service plane that had the option “Redirect to external mail server with IP address” switched on, Panel issued the error “Unable to create DSMail: Email address is invalid”.(PPPM-1069)
[-] (Linux) If more than 255 IP addresses were added to Panel, the script mailsrv_conf_init failed with the error “Incorrect format of RTM_GETADDR request response”. (PPPM-1274)
[-] (Windows) The training function for SpamAssassin attempted to use mail of suspended domains. (PPPM-1122)
[-] (Windows) The training function for SpamAssassin failed if a wrong IMAP connection string was specified. (PPPM-1122)
[-] (Linux) Instead of a PHP handler’s php.ini file, the system default php.ini file was used to generate a domain-level php.ini file. As a result, sometimes custom PHP for a domain did not work. (PPPM-893)
[-] (Linux) To avoid heap-based buffer overflow in the mod_fcgid module (CVE-2013-4365), the mod_fcgid module shipped with Panel was updated to version 2.3.9. (PPPM-1314)
(Dec 12) Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: [More…]
(Dec 12) Several security issues were fixed in PHP.
SUMMARY cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7. AFFECTED VERSIONS All versions of PHP 5.3 …
The Joomla! Project and Community is excited to announce the release of the Joomla Framework! The Joomla Framework is a major step forward in the evolution of the Joomla! Project. Taking advantage of years of experience in creating the Joomla! CMS and later the Joomla! Platform, the development team has extracted and refactored many of the essential functions necessary to create, manage and deploy a modern PHP web application and compiled them into a library of modular packages that can be easily mixed and matched with other PHP frameworks and packages using Composer for dependency management.
This step enables two major areas of growth for the Joomla! project:
First, it makes several packages, inspired by the demanding needs of the Joomla! CMS, available to the larger PHP developer community, paving the way to build new web applications and services. These packages are distributed via Packagist.org for use with Composer and can be combined with packages from other best-of-breed PHP frameworks such as Symfony, Zend, and Laravel. Web Applications built on a server with the Joomla! Framework will have the advantage of creating, managing and authenticating user accounts; retrieving, managing and displaying content retrieved from one or more databases; and taking advantage of many social media integration features. For example, the social media packages for Facebook, Google, LinkedIn, and Twitter are well executed. They have a common API that interacts with each of the services, and offers good coverage of each service’s program interface.
Second, it allows a future version of the Joomla! CMS to be built upon this Framework and thereby benefit from the broader base of PHP developers that adopt and can contribute back to the Framework, as well as the dependency management features of Composer. The Framework will bring new rapid development tools to CMS extension developers that will allow them to create and maintain more sustainable and robust extensions.
Together these areas of growth combine to increase the development velocity of the Joomla! project and facilitates project collaboration and growth for the Open Source community as a whole.
What does this mean for the typical user of the Joomla! CMS for their website? Not much at this moment as the Framework is a toolkit for software designers and developers. Downloading the Framework will do nothing to enhance your current Joomla! website. It is, however, a great promise of things to come for future versions of the Joomla! CMS.
A new era of rapid web application development is ahead and the many lightweight, modular and decoupled packages within the Joomla Framework positions the Joomla! Project to be an even more prominent leader in the larger community of Open Source PHP solution developers.
For more information about the Joomla! Framework, please visit http://framework.joomla.org.