Hi,
We are are using multiple WS-26-400-IDC switches (firmware version 1.5.6) to monitor some PoE cameras at some of our special buildings and we are getting notified by our vulnerability management software (Tenable) that our version of PHP is no longer supported and is at risk of multiple vulnerabilities (we are running version 5.2.6 and the supported versions are 7.3.x, 7.4.x or 8.0.x). Is there going to be a firmware update that will fix this PHP version in the future?
Unsupported PHP Version
- peter.fowler
- Member
- Posts: 13
- Joined: Thu Sep 03, 2020 6:22 pm
- Has thanked: 0 time
- Been thanked: 1 time
-
Dave - Employee
- Posts: 726
- Joined: Tue Apr 08, 2014 6:28 pm
- Has thanked: 1 time
- Been thanked: 158 times
Re: Unsupported PHP Version
Stephen will comment on this tomorrow for you..
-
Stephen - Employee
- Posts: 1061
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 90 times
- Been thanked: 192 times
Re: Unsupported PHP Version
Actually, we are investigating the option for upgrading several components of the switch now, including PHP
-
JustJoe - Experienced Member
- Posts: 266
- Joined: Sat Aug 02, 2014 11:33 pm
- Has thanked: 94 times
- Been thanked: 59 times
Re: Unsupported PHP Version
It's been a long time since the release of a "final" version/release, with lots of good bug-fix work being done.
New versions of underlying support code will ALWAYS bring some new unexpected incompatibility quirks
... That's just the way software works.
Might it not be wise to release a "final" version of current bug fixes BEFORE opening the Pandora's box of new support code, so the fixes are accessible to those who otherwise are running stable networks??
Then plan to quickly release another final version that only adds that new support code for those that like living life on the bleeding edge?
New versions of underlying support code will ALWAYS bring some new unexpected incompatibility quirks
... That's just the way software works.
Might it not be wise to release a "final" version of current bug fixes BEFORE opening the Pandora's box of new support code, so the fixes are accessible to those who otherwise are running stable networks??
Then plan to quickly release another final version that only adds that new support code for those that like living life on the bleeding edge?
-
Stephen - Employee
- Posts: 1061
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 90 times
- Been thanked: 192 times
Re: Unsupported PHP Version
Hey JustJoe,
I don't have a problem with that. Only reason I hadn't was because I had already promised to include the TLS updates in the 1.5.7 release.
However, there are several large updates involved in that. So if everyone is more comfortable with 1.5.7 coming out with the updates that already exist in 1.5.7rcX then that is fine with us.
It will be out either later today or tomorrow.
I don't have a problem with that. Only reason I hadn't was because I had already promised to include the TLS updates in the 1.5.7 release.
However, there are several large updates involved in that. So if everyone is more comfortable with 1.5.7 coming out with the updates that already exist in 1.5.7rcX then that is fine with us.
It will be out either later today or tomorrow.
-
JustJoe - Experienced Member
- Posts: 266
- Joined: Sat Aug 02, 2014 11:33 pm
- Has thanked: 94 times
- Been thanked: 59 times
Re: Unsupported PHP Version
Stephen wrote:Hey JustJoe,
I don't have a problem with that. Only reason I hadn't was because I had already promised to include the TLS updates in the 1.5.7 release.
However, there are several large updates involved in that. So if everyone is more comfortable with 1.5.7 coming out with the updates that already exist in 1.5.7rcX then that is fine with us.
It will be out either later today or tomorrow.
Works for meeee!
I think the folks needing the newer support libraries to meet their requirements and knowing you are working toward meeting their needs will also understand and appreciate the release "dividing line".
And thanks Stephen for always listening and being responsive. :)
- peter.fowler
- Member
- Posts: 13
- Joined: Thu Sep 03, 2020 6:22 pm
- Has thanked: 0 time
- Been thanked: 1 time
Re: Unsupported PHP Version
Hi team, is there any update on the when this PHP version will be upgraded to a supported version? Also is there a roadmap regarding the date of each stable release?
-
Stephen - Employee
- Posts: 1061
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 90 times
- Been thanked: 192 times
Re: Unsupported PHP Version
Some things have come up with the WS3 that I have been trying to fix, but the PHP upgrade is my next major task for the WS series. A couple other feature requests and bugs have cropped up in the mean time as well so I am debating currently which I will tackle first. The major things I want to tackle with the next major release is the Dropbear upgrade (done), PHP upgrade (in progress) and TLS upgrade (in progress)
- peter.fowler
- Member
- Posts: 13
- Joined: Thu Sep 03, 2020 6:22 pm
- Has thanked: 0 time
- Been thanked: 1 time
Re: Unsupported PHP Version
Thanks for the update and sorry for not replying sooner but do you have an approximate ETA for these features as part of stabilizing 1.5.9 to production. My manager and our security manager are keen to know what the next steps will be including a roadmap for this (FYI, all our WS-26-400-IDC switches are now on the 1.5.8 production release build)
- peter.fowler
- Member
- Posts: 13
- Joined: Thu Sep 03, 2020 6:22 pm
- Has thanked: 0 time
- Been thanked: 1 time
Re: Unsupported PHP Version
Version 1.5.12 fixed a critical vulnerability (the Dropbear version) but do you have an approximate ETA for when the PHP component will be fixed as Tenable.io still says it's unsupported with version 5.2.6 detected and the current supported version of PHP is 8.x?
Who is online
Users browsing this forum: No registered users and 25 guests