Hi, I've got exactly the same problem. I'm currently in the process of installing new webservers and decided to use only php software collections from remi repo because the official ones won't get updated frequently enough to be safe. So yes, this seems to be the only option for now until the CentOS SCL team decides to do automated update builds of their SCLs.
Regards, Daniel -- Daniel Souvignier IT Center Gruppe: Linux-basierte Anwendungen Abteilung: Systeme und Betrieb RWTH Aachen University Seffenter Weg 23 52074 Aachen Tel.: +49 241 80-29267 souvign...@itc.rwth-aachen.de www.itc.rwth-aachen.de -----Original Message----- From: sclorg-boun...@redhat.com [mailto:sclorg-boun...@redhat.com] On Behalf Of Josep Manel Andrés Moscardó Sent: Thursday, March 8, 2018 9:16 AM To: sclorg@redhat.com Subject: Re: [scl.org] PHP Security Updates Hi, Referring to http://mirror.centos.org/centos/7/sclo/x86_64/rh/rh-php56/ I see the last update was latest 2016, and checking the latest php 5.6 available on php.net I can see an update from last week. So, is this what you are talking about? ..... I didn't notice.... On 07/03/18 19:17, Brian Haines wrote: > I was wondering, what is an appropriate period to wait for security > updates to php versions in the software collection? > > The following article got my attention: > https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-co > uld-allow-for-arbitrary-code-execution_2018-023/ > > > I am using multiple versions of scl php on a server of mine and I > can't really use scl if only vulnerable versions of php are available. > > Is the best solution to use the remi repo to get secure software > collections versions of php? > > _______________________________________________ > SCLorg mailing list > SCLorg@redhat.com > https://www.redhat.com/mailman/listinfo/sclorg -- Josep Manel Andrés Moscardó Systems Engineer, IT Operations EMBL Heidelberg T +49 6221 387-8394
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ SCLorg mailing list SCLorg@redhat.com https://www.redhat.com/mailman/listinfo/sclorg
