
Developers Urged To Avoid Latest PHP Update

By HTMLGoodies Staff



Many developers are quick to upgrade to the latest PHP releases to take advantage of new functionality or to protect themselves and their users from potential security issues. This week, however, the developers of the PHP scripting language are urging users not to update to last week's release because of a serious bug that affects cryptographic functions.

The affected release, version 5.3.7, contains a flaw in the crypt() function, which is used to cryptographically hash a text string. If a developer calls the function with the MD5 algorithm and salt characters (which are typically used to help randomize the resulting hash value), PHP returns the salt but not the salted hash.
 
Although the PHP developers were aware of the issue, they released the update anyway because it fixed several other security issues. They still informed users about the problem and asked them to hold off, stating that "Due to unfortunate issues with 5.3.7 users should wait with upgrading until 5.3.8 will be released (expected in few days)".
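
A startup self-test for the failure described above, as an added example that is not from the original article or the PHP project: it checks that crypt() with an MD5 salt returns a full-length hash rather than the salt alone. The function names, salt and input strings are constructed for illustration.

```php
<?php
// Added example (not PHP project code): detect a crypt() that echoes the
// salt back instead of returning a full MD5-crypt hash.

// True when $hash has the full MD5-crypt shape:
// "$1$" + up to 8 salt chars + "$" + 22 digest chars from [./0-9A-Za-z].
function is_complete_md5_crypt($hash)
{
    return is_string($hash)
        && preg_match('#^\$1\$[^$]{0,8}\$[./0-9A-Za-z]{22}$#D', $hash) === 1;
}

// Runtime self-test with constructed inputs; no reference digest is needed.
function crypt_md5_self_test()
{
    $salt = '$1$selftest$';                      // constructed salt
    $hash = crypt('constructed-input', $salt);
    if (!is_complete_md5_crypt($hash)) {
        return false;                            // salt-only or malformed
    }
    // Re-hashing with the full hash as the salt must reproduce it, and a
    // different input must not.
    return crypt('constructed-input', $hash) === $hash
        && crypt('other-input', $hash) !== $hash;
}

// Constructed sample values showing what the shape check separates.
$samples = array(
    'salt only, as in the failure described above' => '$1$selftest$',
    'full-length hash (constructed digest)' => '$1$selftest$' . str_repeat('A', 22),
);
foreach ($samples as $label => $value) {
    printf("%-46s %s\n", $label, is_complete_md5_crypt($value) ? 'complete' : 'INCOMPLETE');
}

if (!crypt_md5_self_test()) {
    // Fail closed: do not hash or verify passwords on this runtime.
    error_log('crypt() MD5 self-test failed on PHP ' . PHP_VERSION);
    exit(1);
}
echo 'crypt() MD5 self-test passed on PHP ', PHP_VERSION, "\n";
```

The code avoids type declarations so it also runs on the PHP 5.3 series the article discusses.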

Read the original article here.


