On December 8th 2016, the PHP group released PHP 5.6.29.
This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.
PHP 5.6.29 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.
On November 10th 2016, the PHP group released PHP 5.6.28.
This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.
PHP 5.6.28 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.
On November 10th 2016, the PHP group published PHP 7.0.13.
This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.
Packages of PHP 7.0.13 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).
Packages of Nginx 1.10.2 for Jessie and Wheezy – amd64 and i386 – have been updated to fix CVE 2016-1247.
Secure log file handling (owner & permissions) against privilege escalation attacks. /var/log/nginx is now owned by root:adm. Thanks Dawid Golunski for the report. Changing /var/log/nginx permissions effectively reopens #701112, since log files can be world-readable. This is a trade-off until a better log opening solution is implemented upstream (trac:376).
This update can also bring full HTTP2 support to Jessie with a new additional repository. As a reminder, Chrome as a browser was not supported on stock Jessie, because it requires a more recent OpenSSL 1.0.2 for its ALPN protocol. Now that jessie-backports includes such an OpenSSL version, Dotdeb provides Nginx packages with full HTTP2 support for Chrome. Here is how to install them :
deb http://packages.dotdeb.org jessie-nginx-http2 all
Please note that this change will not be available on Wheezy.
Redis 3.2.5 has been released on October 26th 2016 to fix a compilation issue.
The upgrade urgency is low.
The packages are now available :
Nginx 1.10.2 has been released on October 18th 2016, to fix issues with HTTP/2 and bugs with the sub_filter, aio threads and sendfile directives.
As a consequence, packages of Nginx 1.10.2 are now available :
For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options of their respective sections in the Jessie and Wheezy Makefiles.
On October 13th 2016, the PHP group published PHP 7.0.12.
This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.
Packages of PHP 7.0.12 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).
On October 14th 2016, the PHP group released PHP 5.6.27.
This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.
PHP 5.6.27 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.
Redis 3.2.4 has been released on September 26th 2016, bringing an important security fix and a few other changes.
The upgrade urgency is critical.
The packages are now available :
On September 15th 2016, the PHP group published PHP 7.0.11.
This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.
Packages of PHP 7.0.11 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).