PHP 5.3.3 & 5.2.14 released
 

Important point:


via http://php.net/

Re: PHP 5.3.3 & 5.2.14 released
 

Thanks for the heads up rrf.

For those of you whose servers are in scope for your PCI-DSS assessment this means you must upgrade. Its unclear whether or not this would be classed as a critical security patch so installing within the 1 month requirement for critical security patches would be prudent. If you are running PHP 5.2 then this means you need to upgrade to 5.3 pretty quickly. I think you could make a case for going to 5.2.14 within 1 month and then to 5.3.3 within the next month. But thats about it for 5.2 since there is no guarantee of future security patches.

Re: PHP 5.3.3 & 5.2.14 released
 

HackerGuardian (Comodo) is already sending out the notices to users saying that they'll be out of PCI Compliance in 7 days if they are not updated. I expect to see a rush of users needing that X-Cart PHP 5.3 patch :)

EDIT NOTE: I mistakenly said HackerSafe (which was bought by ScanAlert which was bought by McAfee). I've edited it to say HackerGuardian (Comodo)

Re: PHP 5.3.3 & 5.2.14 released
 

Yea, unfortunately that php 5.3 patch only works on the 'stable' (i.e. latest) version of each branch. For example, I tried the 4.1.12 patch on a 4.1.8 cart and it was a no go. Going to start a new thread for people to post solutions to this issue - need a central clearing house of patches for each version.

Re: PHP 5.3.3 & 5.2.14 released
 

Here's another fun problem - Plesk doesn't run on PHP 5.3 yet. Anyone heard anything about when that is going to be addressed? I'm a big Plesk fan and don't want to switch to Cpanel :(

Re: PHP 5.3.3 & 5.2.14 released
 

As far as I know the hosting platform that QualiTeam operates on for their own hosting company is operating under Plesk. Myself, I'm a cPanel guy, but I remember seeing a few people on WebHostingTalk talking about doing a custom php build in Parallels (Plesk), but it had to be on the newer version of their software.

Re: PHP 5.3.3 & 5.2.14 released
 

From what I have read you can run PHP 5.3 on Plesk for your applications (e.g. X-Cart) but not for the control panel. Sound like they are using an encoder that isn't compatible with PHP 5.3 for the CP. They are two different PHP installs so its possible to go to PHP 5.3 for X-Cart and leave Plesk running PHP 5.2.x. Now that defeats the PCI requirements and Parallels just suggests to hide the php version using expose_php=off in the php.ini to pass scans.

http://forum.parallels.com/showthread.php?t=92192

Re: PHP 5.3.3 & 5.2.14 released
 

Have you considered the atomicturtle repositories for doing this? So far I've had no probs with running php- 5.3.3

Re: PHP 5.3.3 & 5.2.14 released
 

I just received notice today that my hosting company (EWD) that will be switching to PHP 5.3 shortly. What problems can I expect, if any, while using x-cart 4.2.3 and 4.1.11?

Re: PHP 5.3.3 & 5.2.14 released
 

4.1 you'll need to patch. I believe the 4.2.x is already PHP 5.3 compatible.

You can get the patch from inside the File Area in the members area.