Ya, I think I'll take my chances with getting an exception on the apache issue, and wait until the PHP update comes out.

Joe, any idea when the PHP 5.2.6 update will roll?

Cheers,
T

well, they took off the excessive ports issue, and the apache version issue. I might as well just ask for them to remove the PHP version issue then, huh? If it was that easy ;)

Then I can be "compliant". Yay! As if it means a whole hell of a lot.

T

That did it. I am now PCI compliant. Oh yay! ;)

T

Hi

I am just going thro the PCI at the moment. an out of the box install only showed 4 medium priority items that i need to change to get compliant!

1. restrict recursive queries to the hosts that should use this name server??? i asume in the ACL i add the ip addresses of the systems i want to connect to it??

2. disable SSL 2.0 and use SSL 3.0 or TLS 1.0 - I cannot see anywhere i can change this with in the settings??

3. make sure all forms are sent and received over SSL - html issue!

4. Reconfigure services to avoid the use of weak ciphers - hay what???

anyone got any ideas????

Colin

In the "install scripts" part of VM pro I want to install the shopping cart "Magento" but the install says I need php 5.2

Is there a way to selectively install php 5.2 without a full virtualmin upgrade (which is already up to date anyway)

How do I install the official php 5.2 package providd by VM? Is there one?

Thanks,
Max

I answered the SSL v2.0 in your bug report colinkent

Joe, do you guys have an eta on PHP 5.2.6? If you guys are going to release it soon, I would much rather wait for it than to install my own.

+1 for news about PHP 5.2.6 here.

would very much like to run an opcode cache, too: either XCache or eaccelerator. would be very grateful for an install recipe.

best,

Adrian
Adrian Russell-Falla

Joe wrote:
BTW2-Note I said PHP 5.2.6. 5.2.5 has security vulnerabilities, unless patched. ;-)

I still have php 5.1, and ain't able to update to 5.2.6.

How long are you with the update Joe?
Does you have a timeline?

I still think this software are great, but php 5.2.6 will make it even better.

Peter, Denmark

Howdy,

What distribution are you using?

If you're using something like CentOS 5 or RHEL 5, which are currently offering PHP 5.1.6 -- they backport security fixes and such into that version of PHP. You should be in good shape, security-wise.

In dealing with any of the PCI Compliance testers, they're pretty understanding about the backporting, you should just be able to mark older versions they detect as a "False Positive" and simply mention what distro you're running, and that you're up to date with patches.

I'm sure there's some features in 5.2.6 that folks may want, and Joe will certainly get around to that. But in the meantime, as far as security is concerned running PHP 5.1.6 on RHEL/CentOS5 is up to date.
-Eric