Page 1 of 1

Urgent: PHP 7.2 in SCL not updated for very long time

Posted: 2019/11/05 02:12:06
by winst
Hello,

The recent critical security update for PHP 7.2 , as documented in

https://access.redhat.com/errata/RHSA-2019:3299

I am using SCL PHP 7.2 in CentOS 7 with php-fpm (together with default PHP 5.4.16 as apache module that comes with CentOS 7), but when I check if there is updates, I noticed SCL PHP 7.2 has not been updated since 2018 Dec :

http://mirror.centos.org/centos/7/sclo/ ... /rh-php72/

I do noticed a bug is already submitted here:

https://bugzilla.redhat.com/show_bug.cgi?id=1766673

However, since there seems not much progress yet, I would like to know for now, any options I have for having latest PHP 7.2.x installed together with default PHP 5.4 in the same server? (Need both versions to coexist due to multiple hostings require diff. php version in the web server).

Thanks!
winst

Re: Urgent: PHP 7.2 in SCL not updated for very long time

Posted: 2019/11/05 07:29:49
by TrevorH
As far as I know they are in progress. I did find https://buildlogs.centos.org/centos/7/s ... /rh-php72/ and that has packages dated yesterday. Those are unsigned.

Re: Urgent: PHP 7.2 in SCL not updated for very long time

Posted: 2019/11/05 07:38:10
by TrevorH
I've asked that those be pushed sooner rather than later. This is a critical security issue but it does only affect people using it with nginx. If you don't use nginx then you are not affected.

Re: Urgent: PHP 7.2 in SCL not updated for very long time

Posted: 2019/11/05 23:55:58
by TrevorH
yum list rh-php72\* --enablerepo=centos-sclo-rh-testing

Re: Urgent: PHP 7.2 in SCL not updated for very long time

Posted: 2019/11/08 01:37:38
by winst
Thanks for the information. Hope the updates can be released ASAP....