• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Php 5.2.8

J

jamescrown

Guest
Hello,

There is a recent vulnerability in PHP 5.2.6

The available build of plesk 9.0 081208.18 is currently installing PHP 5.2.6 to %plesk_bin% and %plesk_dir%\additional\pleskphp5

Can you please release a new build of Plesk 9.0 which uses PHP 5.2.8 ?

Thank you.
 
I think you can just intall the new version into that directory and it should work fine, the same apply to php4
 
That works for %plesk_dir%\additional\pleskphp5 only. So yes, the PHP version clients use can be upgraded however the version that plesk control panel uses cannot as it will cause errors. Currently this is causing sites hosted on Plesk servers to fail PCI compliance unless you prevent the scanner access to port 8880 and 8443.
 
you will have to replace the php.ini file that plesk is using. Plesk is using the php.ini file under admin folder
do not forget to copy some settings from the old php.ini
 
Hello,

Do you currently have PHP 5.2.8 working from %plesk_bin%? Please only respond to this post if you know how to get PHP 5.2.8 working from %plesk_bin%.
 
jamescrown said:
Hello,

There is a recent vulnerability in PHP 5.2.6

The available build of plesk 9.0 081208.18 is currently installing PHP 5.2.6 to %plesk_bin% and %plesk_dir%\additional\pleskphp5

Can you please release a new build of Plesk 9.0 which uses PHP 5.2.8 ?

Thank you.
Click to expand...

It will pass 50 years before parallels will be able to release abything like that.
They are not able to fix bugs that were present in plesk 8.6 and are still present in plesk 9.
I can tell you that they are probably amazed that php works with theire product.
They are just lame so dont't expect anything except more bugs.
 
How to "get around" PCI Compliance

The default installation for Plesk php exposes the php header information by adding it's signature to the web server header. That is how the PCI Compliance companies "see" what version you are using. You can turn this off with (so far) no ill effects by going to php.ini in %plesk_dir%/admin and changing:

expose_php = On

to

expose_php = Off
 
You must log in or register to reply here.

Similar threads

micneon
Question Need URL to get stable Version Number
Replies
2
Views
217
micneon
micneon
J.Wick
Issue Multiple Vulnerabilities in PHP 5 thru 8.3.7 Could Allow for Remote Code Execution - PATCH NOW
Replies
2
Views
1K
Tobias Sorensson
T
M
Issue unable to add component PLESK-PHP8.2.
Replies
1
Views
948
Nikolay
Nikolay
P
Question PHP 7.1 for old Magento 1.x site
Replies
11
Views
1K
pvdv
P
M
Question PHP 5.3
Replies
8
Views
2K
manni
M
Back
Top