The PHP Group released PHP 5.2.8 this morning to fix the magic_quotes_gpc issue.
If you previously installed PHP 5.2.7-0.dotdeb.1 from Dotdeb and do not care about the version number displayed in your phpinfo(), save your bandwidth: your server is already secure 🙂 Otherwise, just apt-get upgrade your LAMP stack…
[update] The packages have been upgraded to 5.2.8-0.dotdeb.1 to fix an issue with PCRE and UTF-8.
Stefan Esser has posted a warning about upgrading PHP to the 5.2.7 release:
(…) a change in the ext/filter extension that by default processes all incoming data, broke the magic_quotes_gpc feature. While magic_quotes_gpc itself is deprecated and it is recommended to not rely on it as protection against SQL injection, it is still used in many legacy applications that become very insecure once it is turned off. And exactly that happens with the upgrade to PHP 5.2.7. The fix for this was already committed to the PHP CVS and PHP 5.2.8 will be released next week.
I just fixed this issue in the Dotdeb packages; just upgrade your servers.
From PHP.net:
The PHP development team would like to announce the immediate availability of PHP 5.2.7. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Further details about the PHP 5.2.7 release can be found in the release announcement for 5.2.7; the full list of changes is available in the ChangeLog for PHP 5.
PHP 5.2.7 is now available on Dotdeb for Etch (amd64/i386) and there’s great news: libapache2-mod-php5 is now compatible with apache2-mpm-itk.
MySQL, the most popular open source database, released its version 5.1 GA (General Availability) on November 27, 2008. It is now available on Dotdeb for Etch (amd64/i386)!
Version 5.1 introduces several enhancements to the already rich set of features. Most notable are partitioning, row based replication, the event scheduler, a new plugin infrastructure, and logs on demand.
There are more new features, but the general improvement is better performance and manageability. Many users have already adopted MySQL 5.1 in production. Their feedback has been reported in the MySQL technical articles. Check them out. MySQL 5.1 is ready for prime time!
Awstats is a commonly used program to calculate web statistics from your webserver logfiles. It can detect user agents, referers, unique visitors… Another of its features is building usage reports from your mail server’s logfiles, as seen on this demo.
Here is how to quickly configure Awstats to take advantage of your Qmail log files…
The Vpopmail 5.4.25 packages have been updated to fix a problem with passwords longer than 8 characters.
The /etc/init.d/vpopmail script has been updated to launch simultaneously:
- the (enabled by default) POP3 server
- the (disabled by default) POP3-SSL server
- the (disabled by default) Vpopmaild server
depending on the settings in /etc/vpopmail/options.
Over the previous weekend, Dotdeb’s website went down due to configuration problems. Sorry for that, it is now fixed.
I just updated Qmailadmin 1.2.11 for Etch amd64/i386 to include some changes:
- instead of a checkbox to enable/disable spam filtering on pop accounts, there is now a list to choose what to do (no filtering, marking spam, deleting spam, learn spam, learn ham). This allows anyone to easily train your Bayesian filters.
- Spamassassin is now recommended and will replace bogofilter in the near future
- Clamassassin replaces clamfilter.pl due to performance issues. Please DO update the /etc/procmailrc-* files during the upgrade to ensure mail is scanned for viruses.
I often receive emails telling me that Dotdeb is a great tool, but that some useful packages are missing, such as some PECL extensions. I wish I could maintain many more packages, but I don’t think it’s a good idea for Dotdeb’s overall quality and for my free time 😉 Sorry for that.
So this article will show you how to build packages from your favorite PECL extensions in a strict Debian way, using the dh-make-php package.
Vpopmail 5.4.25 has been packaged for Etch amd64/i386 to fix some annoying bugs. It’s safe and recommended to upgrade your servers to this version.
For more information, read the official Changelog.