PHP 7.4.33 - Security Release

The Remi Repository released this update on November 3rd. Just saying...
 
An alpha channel already has the update:

Code:
PHP 7.4: 7.4.32 to 7.4.33 update is available.

It might take a while for the update to become available in other channels.
 
The downside of DA taking over CB, but, oh well.
Yea, that had bad idea written all over it. But, it is what it is.

Really wish they'd incorporate the Remi RPM repository for PHP updates in an official manner, so that I don't have to back channel all of that. But at least my PHP updates aren't tied to CustomBuild which is now tied to DirectAdmin updates.
 
Also DA provides tarballs that must be successfully compiled on different OS + must be compatible with their own patches, they don't use precompiled php packages.
 
I suppose my concern would be - what happens in the event of a zero-day exploit? Something that is handled by CustomBuild, but that people can't really afford to wait for the update to go through the channels (alpha -> current or stable). Would we be forced to move to the alpha channel, but then risk DirectAdmin being unstable/buggy?
 
Hi everyone, in case of a critical security issue we can push out a release to all the channels. In this particular case with PHP 7.4.33, we decided it is not urgent enough to be pushed out to current; that is why it is available in alpha only.
 
Does DirectAdmin apply any custom patches to the PHP source they use in Custombuild?

If not, then there's nothing stopping someone from downloading the PHP source from php.net and compiling it themselves outside of Custombuild.

If you have root to a server there's really not much that ever stops you from compiling source yourself. Compiling source is the low hanging fruit.
 
Hi everyone, in case of a critical security issue we can push out a release to all the channels. In this particular case with PHP 7.4.33, we decided it is not urgent enough to be pushed out to current; that is why it is available in alpha only.
Hi,
Is it safe to use (Customize Versions) on the Stable DirectAdmin update channel (Current 1.643)?
Or must we update DA to use newer versions?

For example: setting PHP to 7.4.33 from Customize Versions and updating PHP to 7.4.33 on DA 1.643? Is any extra step needed in this case?

Regards
 
@trover most of the time (and in this particular case with PHP 7.4.33) yes. Just by changing the version you can successfully build a new PHP just fine. On some rare occasions this might not work. It happens if we need some logic change inside the custombuild script itself to compile a new version. This is more likely to happen with new major releases if they change what sequence of commands needs to be run for the software to be built.

Just keep in mind that if you customize the version you are essentially freezing it in time. With new DA and new CB there could be new versions available but you will be stuck with 7.4.33 until you remove the version override.

@sparek there are some patches being applied when CB builds PHP, they are available in the /usr/local/directadmin/custombuild/patches directory.
 