Resolved Update PHP to specific version (ex. 7.2.19 > 7.2.24)

[gcamerano]

Hi everyone,
this may be a silly question, however I can't seem to find the correct procedure.

I'm running Plesk Onyx 17.8.11 Update #71 on Ubuntu 18.04.3 LTS‬

I want to update my current PHP version (7.2.19) to the latest stable release (7.2.24).
It's an important security update (NGINX-PHPFPM vulnerability CVE-2019-11043).

I tried through the Plesk tool (Add and Remove Product Components) and through command line with

plesk installer --select-release-current --show-components

but it says that 7.2 version is the most up to date.

Any ideas?

 

[IgorG]

According to Plesk Onyx ChangeLog latest version of PHP 7.2.23 was shipped in 69 update Change Log for Plesk Onyx
Have you installed it?
PHP 7.2.24 will be shipped in the upcoming update.

 

[msnet]

And when does this "upcoming update" arrive? 7.2.24 and 7.3.11 need to be available asap.

 

[IgorG]

And when does this "upcoming update" arrive?

Just monitor ChangeLog - Change Log for Plesk Onyx
I think it will be released in one-two weeks.

 

[B_P]

Just monitor ChangeLog - Change Log for Plesk Onyx
I think it will be released in one-two weeks.

Dear @IgorG given that this is a security which fixes the above mentioned CVE bug, I think it is not acceptable to release it only in one to two weeks. Have a look at Urgent security issue in NGINX/php-fpm – Nextcloud for instance. They recommend an urgent update!

 

[gcamerano]

I agree: this is a serious threat that allows remote code execution.
Mitigation is possible by tinkering with NGINX directives, but still a PHP upgrade is necessary as soon as possible.

 

[gcamerano]

Great news: PHP has been updated on Plesk: Change Log for Plesk Onyx

Thanks Plesk staff