PHP 7.X vulnerability and Magento 1.7

magento.stackexchange https://magento.stackexchange.com/questions/289382

  •  13-03-2021
  •  | 
  •  

Question

As many of you know there are multiple vulnerabilities that pertain to PHP 7.1, 7.2, and 7.3. I currently run PHP 5.6 with Magento 1.7. I am pretty confident that 1.7 does NOT support any of the recent PHP 7.X versions.

What should be our next steps, is there a high risk of keep running PHP 5.6?

Sources:

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2019-087/

https://support.magento.com/hc/en-us/articles/360033561271

Was it helpful?

Solution

I asked this question too on the r/PHP subreddit, and got some useful info on it It seems as though there are OSes and repos providing backports of the security fix for the older EOL versions (like 5.6).

See here for the thread: https://www.reddit.com/r/PHP/comments/d2syvg/is_cve201913224_an_issue_for_php5x_70/

EDIT:

You can get Debian/Ubuntu security backports via the Ondrej PHP repo, and CentOS/RHEL can get backports via the REMI repos. If you need the PHP source code with backports, Microsoft provide a GitHub Repo for that.

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top