Skip to main content
Topic: PHP Version (Read 3393 times) previous topic - next topic

PHP Version

I ran Secunia PSI on my system just now, and it is reporting that the version of PHP installed in NoteWorthy (version 5.3) is out of date. I've checked and it appears that the current (issued) version is 5.4.15.
Is there a way a non-programmer like me could upgrade?
I think that I should wait for the upgrade to PHP to be included in NoteWorthy, but if someone has upgraded and can provided instructions, I'd try it out.
While I could copy the files that are in the PHP sub-folder, I assume there may be DLLs installed elsewhere, and/or registry entries. And php.ini may need alteration.
So I'm leaving it alone for now! I'm not aware that there are security issues with the older version.

Edit:-  A bit of further digging found this on the Secunia site:-

******************************************
Description

A vulnerability has been reported in PHP, which can be exploited by malicious people to potentially disclose sensitive information.

The vulnerability is caused due to an error in the "soap_xmlParseFile()" and "soap_xmlParseMemory()" functions (ext/soap/php_xml.c) when parsing XML entities via SOAP objects, which can potentially be exploited to e.g. disclose contents of certain local files by sending specially crafted XML data including external entity references.

The vulnerability is reported in versions prior to 5.3.23 and 5.4.13.
******************************************

Properties sheet details the installed version of PHP as version 5.3.20-dev


Re: PHP Version

Reply #1
There are no plans to upgrade the PHP binaries used in the NWC PHP Starter Kit. PHP  security issues are for servers using PHP based content delivery to clients. They are not relevant in the NWC context, as basically any PHP script that you run using NWC already has full access to your system.

 

Re: PHP Version

Reply #2
Thank you for your clarification. I wasn't particularly concerned - I had already set Secunia to ignore the issue.