Last night we upgraded PHP in the Grid from 5.3.10 to the latest release, 5.3.13. This new release patches several security vulnerabilities existing in 5.3.10. Here’s what the PHP development team says about this update:
“The PHP development team would like to announce the immediate availability of PHP 5.3.13. All users are encouraged to upgrade to PHP 5.3.13. The release completes a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack”
PHP 5.3.13 is active only on the Grid's Debian 6 environment. To change your hosting environment, login to OnSite. This upgrade should not cause any application issues. For a full list of changes between 5.3.10 and 5.3.13, visit php.net.
As always, let us know if you have any issues resulting from this upgrade.