Red Hat Bugzilla – Bug 51147
consider using php 4.0.7-cvs
Last modified: 2007-04-18 12:35:34 EDT
beta3 contains php-4.0.6. 4.0.7, in CVS, fixes many security and
performance problems with 4.0.6 which necessitate that many sites use the
CVS version. Is there any possibility of including it instead of 4.0.6?
Significant fixes (to me, anyway ;-) from 4.0.6:
* includes cyrus-imap support
* lots of crashes fixed
* thread-safe performance increased
* some data corruption bugs fixed
* LDAP memory leaks plugged
* mail() exploit to spawn arbitrary processes fixed
* overflows fixed
* sessions performance improved
In addition to the security benefits, shipping php-4.0.7 would also allow
users to compile (or Red Hat to bundle) php-gtk, which requires 4.0.7....
PHP 4.0.7 breaks binary compatibility for existing extensions due to recent
changes to the Zend engine. Therefore I do not recommend upgrading to the CVS
version, or 4.0.7, during the RHL7.x series
I thought the compatibility break was 4.0.4 -> 4.0.6 (which RH did an upgrade to
in RH 7.1 errata), not in 4.0.6 -> 4.0.7?
Anyone know the actual answer to this yet?
If not I'll stick with 4.0.6 untill I get a definitive 'you will be adorned by
The actual answer is irrelevant, 'cause now I want PHP 4.1.1, which adds major
performance and security benefits.
To answer your question regarding backwards compatibility and binary plugins, it
looks like Red Hat has already totally thrown that out the window, so you might
as well just give your users the most functional, secure release of PHP you can
(ie, 4.1.1 or CVS).
For example, check out
<http://www.zend.com/store/products/product_compatibility.php> for a list of
binary plugins from just one vendor, Zend. Look at ones like the Zend
Optimizer, for example (chosen 'cause it's one I actually use). Zend Optimizer
1.1 shipped when RH 7.1 shipped, and supported PHP 4.0.4 and 4.0.5. When RH
released PHP 4.0.6 as errata for 7.1, RH broke Zend Optimizer 1.1 on 7.1.
Similarly, if you installed stock 7.1 and Zend Optimizer 1.1, and then upgraded
to 7.2, the RH upgrade broke your Zend Optimizer. The new version of Zend
Optimizer fixes that, but it also works with 4.1.1....
This can be closed. hampton beta 1 includes php-4.1.1
I'm marking it rawhide for lack of a better category (NEXTRELEASE, anyone? ;-)