We’ll be talking a lot about “security updates” on the blog, so a word about what these are and how we handle them is probably in order.
There are literally thousands of software programs on our servers, most of which are written by other people and used by many companies. From time to time, “security vulnerabilities” with these kinds of programs are discovered. A security vulnerability is something that could allow a “hacker” (or “cracker”, for purists, although that battle has been lost) to take advantage of a programming bug to do something unauthorized with the program, such as send spam or delete files.
Read the rest of this entry »
We’ve updated PHP 4 on our servers to cover six recently identified security issues. Users shouldn’t notice any changes.
An upgrade for PHP 5 is also in progress. After testing, we actually rolled out the update onto our servers for a short time, until a customer reported an unusual problem with vBulletin posts getting cut off when they contain an odd number of apostrophes shortly afterward. This problem appears to be related to the update, so we have rolled back to the previous version of PHP 5 while we investigate this. (This kind of thing is very rare: this is the first security update in over year that has caused a problem. We have a suite of “regression tests” that we use to test PHP upgrades, and there wasn’t a general problem with it. We’ll follow up with more details when we know more.)
By the way, if you’re unfamiliar with what we mean by a “security update”, this page will help.
