Here are updated packages in the Yum repository:

• MySQL 5.5.36 for CentOS 5/6 changelog
• MySQL 5.1.73 for CentOS 5 changelog

The MySQL releases change the package structure automatically from mysql55 to mysql55w and mysql51 to mysql51w, so they don't conflict with base packages.

Here are updated packages in the Yum repository:

• PHP 5.6.0alpha1 for RHEL/CentOS 6
• PHP 5.5.9 for RHEL/CentOS 5/6 changelog
• Apcu 4.0.3 for PHP 5.5.9 on RHEL/CentOS 5/6
• PHP 5.4.25 for RHEL/CentOS 5/6 changelog
• Apcu 4.0.3 for PHP 5.4.25 on RHEL/CentOS 5/6
• Zend OpCache 7.0.3 for PHP 5.4.25 on RHEL/CentOS 5/6
  

The PHP 5.6.0alpha1 release will stay in el6-testing until it's release date, so it's clear it's not suitable for production use yet.

The other PHP releases are bug-fix releases only, no known security issue fixes included.

Here are updated packages in the Yum repository:

• PHP 5.5.8 for RHEL/CentOS 5/6 changelog
• PHP 5.4.24 for RHEL/CentOS 5/6 changelog

These releases are bug-fix releases only, no known security issue fixes included.

Here are updated packages in the Yum repository:

• PHP 5.5.7 for RHEL/CentOS 5/6 changelog
• PHP 5.4.23 for RHEL/CentOS 5/6 changelog
• PHP 5.3.28 for RHEL/CentOS 5 changelog

All three releases fix a CVE CVE-2013-6420.

PHP 5.3.28 also fixes a CVE CVE-2013-4248 previously fixed in PHP 5.5.2 and 5.4.18, but only now has been put into PHP 5.3. This is incorrectly mentioned on the PHP.net website and changelog as the Ruby variant of the same flaw CVE-2013-4073.

Here are updated packages in the Yum repository:

• PHP 5.5.6 for RHEL/CentOS 5/6 changelog
• PHP 5.4.22 for RHEL/CentOS 5/6 changelog
• Nginx 1.2.9 with CVE patch for RHEL/CentOS 5/6

The Nginx release includes a CVE patch CVE-2013-4547 Webtatic has backported from version 1.4, so that current Nginx 1.2 users on Webtatic have the security update.

The PHP releases have only bug fixes in.

PHP APCu is now included in the repository for both PHP 5.4 and 5.5. APCu is a cut down version of APC, which just deals with user cache, removing it's opcode cache that doesn't support PHP 5.5. This should allow you to continue to use the user cache to speed up websites.

New repositories were created a month ago to store old versions of packages that were in the EL5.1 and EL6 repositories, where newer versions are kept. Today, the old versions of these packages have been moved to these new archive repositories.

If you have installed the latest.rpm recently, you will already have configured access to these archive repositories, but otherwise you can get access by repeating installation of the repository version you are using, see the Yum Repository page for details on how to install this.

Archived versions of packages will instead now be accessible for installation via:

yum install package-name.version --enablerepo=webtatic-archive

If you do use the archived packages, please note that using them there may be bugs and security issues that have since been fixed in the latest version of the packages, so if you can avoid it, you should only use the standard repositories.

This separation will mean that the package metadata for the existing EL5.1 and EL6 repositories will be reduced in size now, and mirroring should by default only sync the latest packages. It is standard practice in Yum repositories to delete or archive old versions of packages, Webtatic has taken the latter approach so that if it's critical to you to stay on the old versions, you can still do that.

Here are updated packages in the Yum repository:

• PHP 5.5.1 for RHEL/CentOS 5/6 changelog
• PHP 5.4.17 for RHEL/CentOS 5/6 changelog

The PHP 5.5 and 5.4 releases addresses a CVE, CVE-2013-4113. The CVE and changelogs do not mention PHP 5.5.0 and 5.4.0 - 5.4.17 versions are affected, however they are and the security fix is in PHP.net's 5.5.1 version, and will be in their next PHP 5.4 release (5.4.18).

Webtatic has included the pending PHP 5.4.18 security fix for this in it's php54w*-5.4.17 release, so although PHP 5.4.18 will likely be released on PHP.net within the week addressing this issue, it will not be as urgent to upgrade if using php54w*-5.4.17.

Additionally, there have been the following improvements added to the Webtatic PHP releases:

• Zend Thread Safety (ZTS) mod_php module is now bundled with the standard mod_php module (non-ZTS), and will only be enabled if switching httpd prefork MPM to the worker MPM. All PHP extensions included in the repository will install standard extensions and ZTS extensions by default, and depending on the mod_php version being used, use the appropriate extensions in /etc/php.d (non-ZTS) and /etc/php-zts.d (ZTS).
• Mysqlnd is supplied as alternative additional package to php54w-mysql/php55w-mysql (using the system libmysqlclient), and will replace the alternative php54w-mysql55/php55w-mysql55 (using Mysql 5.5 libmysqlclient).
• Several built-in PHP extensions are now shared extensions, so they can be disabled by removing the appropriate /etc/php.d/*.ini and /etc/php-zts.d/*.ini files

Here are updated packages in the Yum repository:

• PHP 5.3.27 for RHEL/CentOS 5 changelog

The PHP 5.3 release addresses a CVE, CVE-2013-4113.

PHP 5.4.17 does not mention this CVE, so there is no urgency to upgrade to this if you are on 5.4.16, however Webtatic is preparing it at the moment with a few package improvements that will be released soon.

Here are updated packages in the Yum repository:

• PHP 5.5.0 for CentOS/RHEL 6.4 and 5.9 changelog

The PHP 5.5.0 release is out now for CentOS/RHEL 5 on the Webtatic Yum repository as well as CentOS/RHEL 6. It took a little longer to prepare the EL5 version due to resolving ICU requirements, as PHP 5.5 only supports ICU >= 4.0. There is a new set of packages icu42 / libicu42 now included for this.

Here are updated packages in the Yum repository:

• PHP 5.5.0 for CentOS/RHEL 6.4 changelog

The PHP 5.5.0 release is out now for CentOS/RHEL 6 on the Webtatic Yum repository. More information can be found at PHP 5.5 for CentOS 6.4 via yum. The packages have been in testing since the PHP 5.5.0alpha2 release.

PHP.net has also announced that PHP 5.3 will only be receiving critical fixes from now on. Webtatic will continue to provide any of these fixes for CentOS 5.