PHP 5 Upgraded for Security
We’ve updated PHP 5 on our servers to cover sixteen recently identified security issues. This only affects customers who have chosen to use PHP 5 — but since this upgrade only fixes security bugs, even those customers shouldn’t notice any changes.
This update was delayed because the Debian Linux version of this security update has a bug in the PHP strip_tags() function, which affects popular Web applications like vBulletin and Moodle. The symptom is that new “posts” in these programs have missing paragraphs if the post contains an odd number of apostrophes, which is obviously unacceptable. After discovering that, we “downgraded” to the previous working version of PHP 5 until we could resolve the issue.
The bug originated in PHP itself but has since been fixed there. Since it hasn’t yet been fixed in Debian, we’ve patched it ourselves for now. The patch is available here for those who might want the .patch file.
(By the way, this page explains how we handle security updates if you’re curious.)