Tanstaafl <tanstaafl <at> libertytrek.org> writes:
> I have a VM running in the cloud that has an old web/php app (10+ years > old, believe it or not), that still runs fine on apache 2.2.25, but I > pinned php to 5.3 some time ago. googling for "vulnerabilities in php 5.3" yeilded many interesting links. Here is one: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-97802/PHP-PHP-5.3.3.html > Does anyone see any big potential gotchas (major changes) with php 5.4, > or even 5.5, if I were to upgrade it? Security wise, there are many tools for testing the security of your web server, hopefully, you are concurrent on your server testing: http://projects.webappsec.org/w/page/13246988/Web Application Security Scanner List open source list at the bottom.... Google for php-<version>-bugs to see if any related to your servers. If what you have done is secure, then it *should* be ok, just monitor and watch your logs closely for a while. hth, James
