Re: AW: Vulnerable PHP version according to nessus
* Jordon Bedwell:
> New upstream version is used pretty loosely here. I would hardly
> consider a bug fix release a new version. You guys treat versions as
> if they're a matter of national security, because 5.3.7 vs 5.3.8 is
> obviously gonna have some major major API changes and some way new
> features.
5.3.7 to 5.3.8 perhaps not (I didn't check this), but we shipped 5.3.3
in squeeze. Upgrading to 5.3.7 and later would introduce the changed
is_a behavior, among other things. We don't want to force such
changes upon users, and certainly not in security updates.
Reply to: