[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php vulnerabilities

* Matthew Palmer:

> On Tue, Dec 21, 2004 at 01:28:00PM +0100, martin f krafft wrote:
>> Stop using PHP. Learn Zope and PostgreSQL.
> Because, of course, neither of those ever have security
> vulnerabilities, and if they did, their upstreams would naturally
> help us to backport security fixes to 3 year old versions of the
> software.

It's not just the historic version in Debian/stable.  For example,
SuSE has yet to release a php4 update, too, although they only support
4.3 these days, AFAIK.  The lack of coordination of security bug
resolution on the PHP developers' part is certainly a point to
consider before you deploy additional PHP-based applications.

I'm not sure if the other server-side scripting languages are so much
better.  I'm just following the PHP situation more closely, having
left behind a couple of PHP scripts at my previous workplace. 8-/

Reply to: