Kolab 3.2 and php
Timotheus Pokorra
timotheus at kolab.org
Mon Mar 2 08:47:56 CET 2015
Hello Christian,
> yes you're right but RedHat/CentOS doesn't ship any updated versions of
> php. The latest version is 5.3.3 which is pretty outdated. Some new
> applications like owncloud etc. doesn't even support 5.3 any more. So I
> have to switch to a third party repo to upgrade my php.
I am glad that you are wrong on this :)
There are two things: security updates, and feature updates.
With CentOS, you get all the security updates even for PHP 5.3, until
the lifetime of CentOS/RHEL 6 ends (in the year 2020).
I checked this:
rpm -qa | grep php
php-cli-5.3.3-40.el6_6.x86_64
php-common-5.3.3-40.el6_6.x86_64
php-5.3.3-40.el6_6.x86_64
And downloaded the source rpm:
http://vault.centos.org/6.6/updates/Source/SPackages/php-5.3.3-40.el6_6.src.rpm
inside the spec file you can see:
%changelog
* Thu Oct 23 2014 Jan Kaluza <jkaluza at redhat.com> - 5.3.3-40
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
* Tue Oct 21 2014 Remi Collet <rcollet at redhat.com> - 5.3.3-39
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
So this means, that php 5.3.3 on CentOS6 is uptodate regarding security
updates.
Of course, there are no functionality updates from later php releases.
But for Kolab, php 5.3.3 is enough, and I think it is better not to have
several other services running on the same virtual machine beside Kolab.
Nowadays it is so easy to just create another virtual machine, where you
can run your ownCloud etc.
This makes more sense than packaging your own Kolab packages, I think.
Hope this clarifies things,
Timotheus
More information about the users
mailing list