[TYPO3-dev] is it time for PHP5.2.1 now?
Stefan Geith
typo3dev2009.nospam1 at geithware.de
Wed Dec 9 12:21:51 CET 2009
Franz Holzinger schrieb:
>>> If nobody opposes on this list, then I will start developing
>>> sr_feuser_register in PHP 5.2.1 in the next year.
>>> All new bug fixes and features will require PHP 5.2.1 then.
>>>
>>
>> I guess users of Debian Etch would raise their hand, since they have
>> 5.2.0 and Etch is still supported.
>> Urhhhhm, I am one of those users. *Oppose*
>>
>> What's so different that you need 5.2.1 instead of 5.2.0?
>
> IMHO PHP 5.2.0 contains too many security relevant bugs. Therefore the
> requirement should start with at least 5.2.1 or even better 5.2.2 which
> fixes security issues:
> http://php.net/ChangeLog-5.php
>
> Version 5.2.2
> 03-May-2007
>
> * Security Fixes
> o Fixed CVE-2007-1001, GD wbmp used with invalid image size
> ...
But for Debian: all security issues get backported.
So _if_ Etch comes with 5.2.0, then all security
patches are backported to 5.2.0 and thus 5.2.0 in Etch
can be considered secure.
So as long as Debian Etch is supported, 5.2.0 should be
good ...
/Stefan
More information about the TYPO3-dev
mailing list