Sunday, April 12, 2009

PHP 5.2.9 Windows Version Updated

PHP developers has released another Windows version of PHP 5.2.9 due to security flaws found on OpenSSL library which was assigned CVE-2009-0590, CVE-2009-0591 and CVE-2009-0789. The fact that only Windows version is affected is interesting as it comes from same source, but different bundling.

Windows version shipped all the necessary libraries into the package, thus larger in size and everytime a single module is updated (due to security fixes or any other problems), it has to be rebuilt and make a new package, thus requiring users to install the new version by removing the old one first (the safe way).

This condition does not applies to Linux which can utilize dynamic linking so that the program will search for the available libraries installed on the system. So you only need to upgrade your existing libraries and the PHP package can link to the new one (if available). In the worst case, you can just use the old configuration parameters and apply it to the source and recompile it so that it founds the new version and linked them in. No need to uninstall the old one big grin