[CentOS] advice on having php 5.2.x:

Thu Feb 9 21:01:35 UTC 2012
Johnny Hughes <johnny at centos.org>

On 02/09/2012 04:16 AM, John R. Dennison wrote:
> On Thu, Feb 09, 2012 at 12:07:34PM +0200, Peter Peltonen wrote:
>> Hi,
>>
>> There is a PHP 5.2 RPM for CentOS5 in the testing repo:
>>
>> http://dev.centos.org/centos/5/testing/SRPMS/
> This should be avoided at all costs.  Those packages have not been
> updated for ever and as a result have multiple known critical
> vulnerabilities.  Additionally, as has been pointed out repeatedly,
> these packages must be removed; the project is effectively pushing known
> vulnerable packages.
>
> Use the IUS repository and the php-5.2.17 packages they supply.  IUS is
> known and vetted and they have a commercial stake in the stability and
> integrity of the packages in that repo as they are what RackSpace makes
> available to their own paying customers.
>
> Please see http://wiki.centos.org/AdditionalResources/Repositories for
> more information and a link to the IUS repo.

For the record, those 5.2.10 php files are the latest released from here:

ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/

Those are from the Red Hat Web Application Stack for EL5.  It gets
errata here:

https://rhn.redhat.com/errata/rhel-appstk-5-errata.html

As to whether or not you should use them, that is ... of course ... up
to you.  It is the latest released, by upstream.
