Wedge
Public area => The Pub => Off-topic => Topic started by: Arantor on August 23rd, 2011, 12:02 AM
-
I doubt this will affect most of you but anyway.
http://www.theregister.co.uk/2011/08/22/php_security_warning/
Long story short: do not use PHP 5.3.7, it has a fairly nasty vulnerability in the internal crypt library that, well, doesn't crypt things properly.
It does have an impact on both SMF and Wedge, as it happens. Specifically, older forums that make use of the crypt function in order to hash passwords, as well as custom indexes, will be compromised by this bug.
I doubt the older forums thing is a huge deal for the vast majority of users, but potentially the custom indexes one is. If your host uses 5.3.7, get them to upgrade to a dev version or kick them to upgrade to 5.3.8 when it is released in the next few days.
-
Thanks for the info! ;)
-
Yeah, thanks for the information, Arantor. Glad my host didn't update; I believe they are still on 5.2.
-
If they're on 5.2, they should be on 5.2.17 - it's been out over 6 months, and hosts don't really have much reason not to upgrade.
-
Well, I think my hosting is waiting for 5.3.X (final) to upgrade; still on 2.17.
Thank you for the info.
-
Depends on your definition of 'final'. 5.3 final won't appear until 5.4 is considered stable, and given that 5.4 is not even yet in beta...
But if they can't even be bothered to upgrade to a security patch of PHP in 6 months after it came out, I'd be asking questions...