Month of PHP exploits

Has anybody else been following the Month of PHP bugs coming in March: http://blog.php-security.org/archives/71-Month-of-PHP-Bugs-and-PHP-5.2.1.html

I was wondering if anybody here is planning on making an effort to update the version of PHP included in the cool stack to compensate as these bugs (and their respective patches) are released throughout the month of March.

This looks to be pretty serious business. We're in the process of moving all of our PHP-based sites either offline or IP address restricted during March (yeah, a major pain... but the problems appear to permeate through the very core of PHP).

What will you be doing?

John

By john.tracya at 2007-11-26 19:41:31
# 1

> What will you be doing?

> John

Good question.

We are putting out a new release with PHP5.2.0 that will include the Suhosin extension. So for one thing, be sure to enable suhosin.

Users need to look at their flawed coding practices and clean up their act. It is easy to blame the programming language and environment - but a lot of the security problems are due to poor design and bad programming practices.

shantiSa at 2007-7-9 22:22:47
# 2
Shanti, do you have a release date you can share for the new coolstack, and/or the new php packages?
smattoona at 2007-7-9 22:22:47