Re: php vulnerabilities
* Matthew Palmer:
> On Tue, Dec 21, 2004 at 01:28:00PM +0100, martin f krafft wrote:
>> Stop using PHP. Learn Zope and PostgreSQL.
> Because, of course, neither of those ever have security
> vulnerabilities, and if they did, their upstreams would naturally
> help us to backport security fixes to 3 year old versions of the
It's not just the historic version in Debian/stable. For example,
SuSE has yet to release a php4 update, too, although they only support
4.3 these days, AFAIK. The lack of coordination of security bug
resolution on the PHP developers' part is certainly a point to
consider before you deploy additional PHP-based applications.
I'm not sure if the other server-side scripting languages are so much
better. I'm just following the PHP situation more closely, having
left behind a couple of PHP scripts at my previous workplace. 8-/