Description of problem: Seems that rh-php72 gots a kind of lost. I was wondering why are no updates where released for the php72 packages since December 2018. According to the CVE List where were a lot of CVEs in the meanwhile: https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-269705/PHP-PHP-7.2.10.html I also found this CVEs mentioned in the Redhat Product Erratas, but only for PHP 7.1: https://access.redhat.com/errata/RHSA-2019:2519 As PHP 7.1 goes EOL end of the month via rhscl and 7.0 will follow next month PHP 7.2 gets the only still supported Version via rhscl. (according to https://access.redhat.com/support/policy/updates/rhscl) Also in the bugtracker rh-php72 is not listed by now as a selectable Component. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. yum install rh-php72 on CentOS7 or look at http://mirror.centos.org/centos/7/sclo/x86_64/rh/rh-php72/ Actual results: See only Version 7.2.10-3.el7 from 5.12.2018 Expected results: See an updated Version fixing newer PHP CVEs since End of 2018 Additional info:
This needs to be patched ASAP; the latest version of rh-php72 from Redhat SCL is failing scans because of critical vulnerabilities on our web servers. Please provide an update to all php 7.2 pachages in SCL.
Any updates on this? This is urgent as it's a security issue!