When is the next xampp update due

Problems with the Windows version of XAMPP, questions, comments, and anything related.

When is the next xampp update due

Postby lls » 25. April 2017 23:31

I have recently updated to to xampp 5.6.30 which has in it PHP 7.1.1 however my security folk tell me that we should be using PHP 7.1.2 because of security vulnerabilities. So I actually have two questions. The first is can I simply update the PHP component with 7.1.2 or alternatively the second question is will there be a release of xampp soon which incorporated PHP 7.1.2
lls
 
Posts: 2
Joined: 25. April 2017 22:58
XAMPP version: 5.6.30
Operating System: Windows Server 2012

Re: When is the next xampp update due

Postby Altrea » 26. April 2017 20:13

lls wrote:I have recently updated to to xampp 5.6.30 which has in it PHP 7.1.1

No.
XAMPP 5.6.30 contains PHP 5.6.30
XAMPP 7.1.1 contains PHP 7.1.1

lls wrote:however my security folk tell me that we should be using PHP 7.1.2 because of security vulnerabilities.

Vulnerability in which context? Ask your security folk if these security vulnerabilities are exploitable on local only test and development environments.
That is the environment XAMPP is designed for.
A local test and development environment can have multiple software security vulnerabilities without ever being attackable or insecure.

lls wrote:The first is can I simply update the PHP component with 7.1.2

technically yes. But we don't provide any support for that. So you are on your own with that.
If you does have the knowledge and skill to update this core single component on your own i cannot guess.

lls wrote:will there be a release of xampp soon which incorporated PHP 7.1.2

We don't have any release schedule. It's done when it's done.
To get a clue you can take a look at past release dates.

If you want to always get best scores in so named vulnerability scanners than xampp is the wrong product for you. XAMPP does not provide single component upgrases.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: When is the next xampp update due

Postby lls » 26. April 2017 21:46

Thank you all for your replies they have been very useful

My Security Guys tell me the following in relation to PHP vulnerabilities:-

- A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to crash the application.
(BID 96300 / PHP Bug #73949)

- A remote code execution vulnerability exists in the PHP-Win client due to a DEP violation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (BID 96303 / PHP Bug #73876)

Based on the information I have so far I think we are okay and the exploits are minimal
lls
 
Posts: 2
Joined: 25. April 2017 22:58
XAMPP version: 5.6.30
Operating System: Windows Server 2012

Re: When is the next xampp update due

Postby Altrea » 26. April 2017 22:42

lls wrote:Based on the information I have so far I think we are okay and the exploits are minimal

That is one of the most important lessons IT employees and especially IT security employees have to learn :D Always set into correct context.
IT security assessment tools are great to get an idea of possible securty issues, but always needs to get construed related to the specific environment.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 149 guests