Joakim Nygård Archive Linked About

The PHP version in Mac OS X is old

1 Aug 2007

From security update 2007-007 released today by Apple:

CVE-ID: CVE-2007-1001, CVE-2007-1287, CVE-2007-1460, CVE-2007-1461,
CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1711,
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.10, Mac OS X Server v10.4.10
Impact: Multiple vulnerabilities in PHP 4.4.4
Description: PHP is updated to version 4.4.7 to address several
vulnerabilities. Further information is available via the PHP web
site at

I say update to PHP5 already instead of patching a version that was surpassed 3 years ago. It’s been so long that PHP4 has been declared end of life and the GoPHP5 project is gaining traction.

I know Apple probably won’t upgrade in a minor OS version bump, but here’s hoping they’ll include PHP 5.2 in Leopard. Until then, I’ll continue to compile PHP5 myself (or grab the PHP binary from Marc Liyanage). Keeping third party software up to date is a big step towards a secure environment.