New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update prerequisities install php 5.3 eol #74

Closed
EvertonMelo opened this Issue Mar 12, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@EvertonMelo

EvertonMelo commented Mar 12, 2018

according to the official website of the php project.

5.3 after: 3 years, 6 months ago enf of life .
5.3.29 ( 2017 )

font: http://php.net/eol.php

we need to do a source code update for the supported versions.

Branch | Initial Release | Active Support Until | Security Support Until

php 5.6 or 7.0; 7.1 and 7.2
http://php.net/supported-versions.php

without it the site is vulnerable to dozens of CVEs:

font: https://www.securityfocus.com/bid/41991

@EvertonMelo

This comment has been minimized.

EvertonMelo commented May 1, 2018

Okay.

@EvertonMelo EvertonMelo closed this May 1, 2018

@guzzilar

This comment has been minimized.

Contributor

guzzilar commented May 2, 2018

@EvertonMelo Hi,
Apologise for my silent, I agreed that we should review and do source code update once to prevent any security vulnerable issues that had happened on PHP below v5.6.

However, this might be a tough and long road to achieve regarding that many servers in the website market still provide PHP around version 5.4 ~ 5.5 for users.
The fastest action that I think I'll take right now is to mention on our README and all docs that we are not recommend to use Omise-PHP with PHP version below v5.6 due to the end of life cycle that you mentioned above.

If you have any ideas please feel free to submit either pull request or issue ticket.
It might take time to response (sorry) but we would definitely love to hear our folks' opinions.

And, thanks for this report.
Nam.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment