On Sun, Jul 03, 2011 at 02:29:12PM +0200, Alain Péan wrote:
So 5.1.6 is the current package on CentOS, at least in base repo, I don't know for CentOSPlus, and your question is totally valid.
The php in base, for both C4 and C5, gets updates. I've not seen an update for the C4 plus package since, well, 2008. This also brings up the question what stack this package was part of upstream; I'm not able to locate it in Redhat's mirrors.
I am not using PHP, so I am not aware of the last vulnerabilities, but you should know that RedHat backports security fixes, and features, from further releases, so the version number is not that informative. See for example this rather old thread (2010) :
They only backport for supported packages. It appears that this package may have been orphaned upstream.
Returns a 404.
John