Latest updates, PHP 5.5.7 / 5.4.23 / 5.3.28

Here are updated packages in the Yum repository:

All three releases fix a CVE CVE-2013-6420.

PHP 5.3.28 also fixes a CVE CVE-2013-4248 previously fixed in PHP 5.5.2 and 5.4.18, but only now has been put into PHP 5.3. This is incorrectly mentioned on the PHP.net website and changelog as the Ruby variant of the same flaw CVE-2013-4073.

Latest updates, PHP 5.5.6 / 5.4.22, Nginx security fix, APCu

Here are updated packages in the Yum repository:

The Nginx release includes a CVE patch CVE-2013-4547 Webtatic has backported from version 1.4, so that current Nginx 1.2 users on Webtatic have the security update.

The PHP releases have only bug fixes in.

PHP APCu is now included in the repository for both PHP 5.4 and 5.5. APCu is a cut down version of APC, which just deals with user cache, removing it's opcode cache that doesn't support PHP 5.5. This should allow you to continue to use the user cache to speed up websites.

Latest updates in testing, PHP 5.5.6 / 5.4.22

The following packages are in testing, and available for download in the testing repositories:

  • php55w 5.5.6
  • php54w 5.4.22

Assuming you have the Webtatic repositories set up (see Yum Repository), you can update using:

    yum update <package> --enablerepo=webtatic-testing

Latest updates in testing, PHP 5.5.5 / 5.4.21, MySQL 5.5.34

The following packages are in testing, and available for download in the testing repositories:

  • php55w 5.5.5
  • php54w 5.4.21
  • php55w-pecl-apcu / php54w-pecl-apcu 4.0.2
  • mysql55 5.5.34

Assuming you have the Webtatic repositories set up (see Yum Repository), you can update using:

    yum update <package> --enablerepo=webtatic-testing

Latest updates in testing, PHP 5.5.3 / 5.4.19, MySQL 5.5.33

The following packages are in testing, and available for download in the testing repositories:

  • php55w 5.5.3
  • php54w 5.4.19
  • mysql55 5.5.33

Assuming you have the Webtatic repositories set up, you can update using:

    yum update <package> --enablerepo=webtatic-testing

Repository structure change: old versions of packages moved to archive repository

New repositories were created a month ago to store old versions of packages that were in the EL5.1 and EL6 repositories, where newer versions are kept. Today, the old versions of these packages have been moved to these new archive repositories.

If you have installed the latest.rpm recently, you will already have configured access to these archive repositories, but otherwise you can get access by repeating installation of the repository version you are using, see the Yum Repository page for details on how to install this.

Archived versions of packages will instead now be accessible for installation via:

yum install package-name.version --enablerepo=webtatic-archive

If you do use the archived packages, please note that using them there may be bugs and security issues that have since been fixed in the latest version of the packages, so if you can avoid it, you should only use the standard repositories.

This separation will mean that the package metadata for the existing EL5.1 and EL6 repositories will be reduced in size now, and mirroring should by default only sync the latest packages. It is standard practice in Yum repositories to delete or archive old versions of packages, Webtatic has taken the latter approach so that if it's critical to you to stay on the old versions, you can still do that.

Latest updates, PHP 5.5.1 / 5.4.17

Here are updated packages in the Yum repository:

The PHP 5.5 and 5.4 releases addresses a CVE, CVE-2013-4113. The CVE and changelogs do not mention PHP 5.5.0 and 5.4.0 - 5.4.17 versions are affected, however they are and the security fix is in PHP.net's 5.5.1 version, and will be in their next PHP 5.4 release (5.4.18).

Webtatic has included the pending PHP 5.4.18 security fix for this in it's php54w*-5.4.17 release, so although PHP 5.4.18 will likely be released on PHP.net within the week addressing this issue, it will not be as urgent to upgrade if using php54w*-5.4.17.

Additionally, there have been the following improvements added to the Webtatic PHP releases:

  • Zend Thread Safety (ZTS) mod_php module is now bundled with the standard mod_php module (non-ZTS), and will only be enabled if switching httpd prefork MPM to the worker MPM. All PHP extensions included in the repository will install standard extensions and ZTS extensions by default, and depending on the mod_php version being used, use the appropriate extensions in /etc/php.d (non-ZTS) and /etc/php-zts.d (ZTS).
  • Mysqlnd is supplied as alternative additional package to php54w-mysql/php55w-mysql (using the system libmysqlclient), and will replace the alternative php54w-mysql55/php55w-mysql55 (using Mysql 5.5 libmysqlclient).
  • Several built-in PHP extensions are now shared extensions, so they can be disabled by removing the appropriate /etc/php.d/*.ini and /etc/php-zts.d/*.ini files

Latest updates, PHP 5.5.0 on CentOS/RHEL 6

Here are updated packages in the Yum repository:

The PHP 5.5.0 release is out now for CentOS/RHEL 6 on the Webtatic Yum repository. More information can be found at PHP 5.5 for CentOS 6.4 via yum. The packages have been in testing since the PHP 5.5.0alpha2 release.

PHP.net has also announced that PHP 5.3 will only be receiving critical fixes from now on. Webtatic will continue to provide any of these fixes for CentOS 5.