The PHP developers recently released versions 7.1.30, 7.2.19 and 7.3.6 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.
These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.
After recent server updates, two customers contacted us with a problem: their pages that used correctly to display “unicode” non-ASCII characters (like “©” or “curly quotes”) started showing invalid characters like “�” instead.
If this happens to you, it’s likely to be caused by a bug in your script that’s only now visible because of a security change in recent MySQL database versions. For example, the problem happened to the two customers we mentioned because they were using old versions of the Joomla and TextPattern software. Updating each of those fixed it, so if you you have trouble, be sure you’re using the latest versions of any software like that.
Read the rest of this entry »Update May 24 11:00 PM Pacific time: The maintenance described below has been completed and all services are running normally.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 8 (codename “jessie”) to version 9 (codename “stretch”). We’ll be finishing that process soon, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any site should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
So, for example, the “web05” and “web14” servers will be updated. This page explains how to find which server a site is on. (Servers ending in digits “0” – “3” and “7” – “9” have already been updated.)
Read the rest of this entry »Update May 18 10:46 PM Pacific time: The maintenance described below has been completed and all services are running normally.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 8 (codename “jessie”) to version 9 (codename “stretch”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any site should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
So, for example, the “web03” server will be updated on May 17, and the “web11” server will be updated on May 18. This page explains how to find which server a site is on.
(Servers ending in digits “0”, “9”, “8” and “7” were updated last weekend, and servers ending in digits “4”, “5” and “6” will be updated the following weekend; we’ll post a separate announcement about that.)
Read the rest of this entry »Update May 11 10:20 PM Pacific time: The maintenance described below has been completed and all services are running normally.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 8 (codename “jessie”) to version 9 (codename “stretch”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any site should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
So, for example, the “web10” server will be updated on May 10, and the “web07” server will be updated on May 11. This page explains how to find which server a site is on.
(Additional servers will be updated the following weekends; we’ll post separate announcements about that.)
Read the rest of this entry »The PHP 7.3 series has been out long enough that all modern script software should be compatible with it, and the authors of popular scripts like WordPress recommend using it. Because of that, we’re making PHP 7.3 the default for new customers.
We haven’t changed the version for any existing accounts, but we recommend that all customers use PHP 7.3 if possible. PHP 7.3 is slightly faster than PHP 7.2 and around twice as fast as PHP 5. If you care about your site’s speed (and you should), always use the newest version of PHP that’s compatible with your scripts. Our Why Update PHP? page explains more about PHP version updates.
WordPress 5.2 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites. WordPress 5.2 works fine on our servers (make sure you’re using a recent version of PHP for your site).
If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.
The PHP developers recently released versions 7.1.29, 7.2.18 and 7.3.5 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.
These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.
Today our servers began using an updated version of the Apache web server software that adds a new security feature: it collapses and ignores consecutive slashes in URLs it receives (among other security fixes).
For example, this URL (note the two slashes between “admin” and “options”):
https://www.example.com/wp-admin//options-permalink.php
… would now be treated exactly as if the web server had been sent:
https://www.example.com/wp-admin/options-permalink.php
This feature ensures that “hackers” cannot add extra slashes to bypass rules intended to restrict access to certain URLs. (The example above is a real security problem in WordPress from 2009 — it allowed hackers to access the permalink screen because the access restrictions were only applied to the exact pattern “/wp-admin/options-permalink.php”, and not to variations like “/wp-admin//options-permalink.php”.)
This change should not cause any problems, and our customers should not notice any change.
However, in the unlikely event that you have intentionally written script code that behaves differently when it sees two consecutive slashes in a URL instead of one slash, you would need to change your code to not rely on that behavior. (Two consecutive slashes in the path of a URI are not valid anyway, and other web servers will remove them by default, so relying on it would be unreliable to start with.)
As always, don’t hesitate to contact us if you have any questions or difficulties.
The PHP developers recently released versions 7.1.28, 7.2.17 and 7.3.4 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.
These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.
