Netonix Forums

Hi,
We are are using multiple WS-26-400-IDC switches (firmware version 1.5.6) to monitor some PoE cameras at some of our special buildings and we are getting notified by our vulnerability management software (Tenable) that our version of PHP is no longer supported and is at risk of multiple vulnerabilities (we are running version 5.2.6 and the supported versions are 7.3.x, 7.4.x or 8.0.x). Is there going to be a firmware update that will fix this PHP version in the future?

Stephen will comment on this tomorrow for you..

Actually, we are investigating the option for upgrading several components of the switch now, including PHP

It's been a long time since the release of a "final" version/release, with lots of good bug-fix work being done.

New versions of underlying support code will ALWAYS bring some new unexpected incompatibility quirks
... That's just the way software works.

Might it not be wise to release a "final" version of current bug fixes BEFORE opening the Pandora's box of new support code, so the fixes are accessible to those who otherwise are running stable networks??

Then plan to quickly release another final version that only adds that new support code for those that like living life on the bleeding edge?

Hey JustJoe,

I don't have a problem with that. Only reason I hadn't was because I had already promised to include the TLS updates in the 1.5.7 release.
However, there are several large updates involved in that. So if everyone is more comfortable with 1.5.7 coming out with the updates that already exist in 1.5.7rcX then that is fine with us.

It will be out either later today or tomorrow.

Stephen wrote:Hey JustJoe,

I don't have a problem with that. Only reason I hadn't was because I had already promised to include the TLS updates in the 1.5.7 release.
However, there are several large updates involved in that. So if everyone is more comfortable with 1.5.7 coming out with the updates that already exist in 1.5.7rcX then that is fine with us.

It will be out either later today or tomorrow.

Works for meeee!
I think the folks needing the newer support libraries to meet their requirements and knowing you are working toward meeting their needs will also understand and appreciate the release "dividing line".

And thanks Stephen for always listening and being responsive. :)

Hi team, is there any update on the when this PHP version will be upgraded to a supported version? Also is there a roadmap regarding the date of each stable release?

Some things have come up with the WS3 that I have been trying to fix, but the PHP upgrade is my next major task for the WS series. A couple other feature requests and bugs have cropped up in the mean time as well so I am debating currently which I will tackle first. The major things I want to tackle with the next major release is the Dropbear upgrade (done), PHP upgrade (in progress) and TLS upgrade (in progress)

Thanks for the update and sorry for not replying sooner but do you have an approximate ETA for these features as part of stabilizing 1.5.9 to production. My manager and our security manager are keen to know what the next steps will be including a roadmap for this (FYI, all our WS-26-400-IDC switches are now on the 1.5.8 production release build)

Version 1.5.12 fixed a critical vulnerability (the Dropbear version) but do you have an approximate ETA for when the PHP component will be fixed as Tenable.io still says it's unsupported with version 5.2.6 detected and the current supported version of PHP is 8.x?