PHP 7.4.11, 7.3.23, 7.2.34 released

  • #2705
    lightswitch05
    Participant

    These are all regularly scheduled security releases and all users are encouraged to upgrade:

    [7.4.11](https://www.php.net/ChangeLog-7.php#7.4.11)

    [7.3.23](https://www.php.net/ChangeLog-7.php#7.3.23)

    [7.2.34](https://www.php.net/ChangeLog-7.php#7.2.34)

    If you are still here, I would like to share a little automation tool I created to notify of these updates in an automated pipeline environment: [PHP Version Audit](https://www.github.developerdan.com/php-version-audit/)

    If you ran it today against 7.4.10, you would now see this output informing you about the new version and CVEs:

    ```
    docker run --rm -t lightswitch05/php-version-audit:latest --version=7.4.10
    {
        "auditVersion": "7.4.10",
        "hasVulnerabilities": true,
        "hasSecuritySupport": true,
        "hasActiveSupport": true,
        "isLatestPatchVersion": false,
        "isLatestMinorVersion": false,
        "isLatestVersion": false,
        "latestPatchVersion": "7.4.11",
        "latestMinorVersion": "7.4.11",
        "latestVersion": "7.4.11",
        "activeSupportEndDate": "2021-11-28T00:00:00+0000",
        "securitySupportEndDate": "2022-11-28T00:00:00+0000",
        "rulesLastUpdatedDate": "2020-10-01T15:01:54+0000",
        "vulnerabilities": {
            "CVE-2020-7069": null,
            "CVE-2020-7070": null
        }
    }
    ```

    The descriptions for the CVEs are null because the [National Vulnerability Database](https://nvd.nist.gov/vuln/search) does not have descriptions yet, but the information will be updated once it is available. The tool works by pulling down this JSON file that is automatically updated twice a day, which you are also welcome to use directly: https://www.github.developerdan.com/php-version-audit/rules-v1.json

    Feel free to check out the code if you are interested: https://github.com/lightswitch05/php-version-audit
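One way a pipeline step could act on the audit output shown in the post above (an added example, not part of the original post and not code from the php-version-audit project). The field names come from that output; the function name `evaluate_audit`, the `warn_days` threshold and the block/warn policy are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a subset of the audit output quoted in the post for 7.4.10.
SAMPLE_AUDIT = """{
  "auditVersion": "7.4.10",
  "hasVulnerabilities": true,
  "hasSecuritySupport": true,
  "isLatestPatchVersion": false,
  "latestPatchVersion": "7.4.11",
  "securitySupportEndDate": "2022-11-28T00:00:00+0000",
  "vulnerabilities": {"CVE-2020-7069": null, "CVE-2020-7070": null}
}"""


def evaluate_audit(audit_json, now, warn_days=90):
    """Return (exit_code, findings); exit_code 1 blocks the pipeline, 0 passes."""
    audit = json.loads(audit_json)
    findings, blocking = [], False

    # A null description only means NVD has no text yet; the CVE still counts.
    cves = sorted((audit.get("vulnerabilities") or {}).items())
    if audit.get("hasVulnerabilities") or cves:
        blocking = True
        for cve, desc in cves:
            findings.append(f"FAIL {cve}: {desc or 'description pending'}")
        if not cves:
            findings.append("FAIL hasVulnerabilities is true but no CVE ids were listed")

    # A missing or false support flag is treated as unsupported (fail closed).
    if not audit.get("hasSecuritySupport", False):
        blocking = True
        findings.append("FAIL version no longer receives security fixes")
    elif audit.get("securitySupportEndDate"):
        end = datetime.strptime(audit["securitySupportEndDate"], "%Y-%m-%dT%H:%M:%S%z")
        days_left = (end - now).days
        if days_left <= warn_days:
            findings.append(f"WARN security support ends in {days_left} days")

    if not audit.get("isLatestPatchVersion", False):
        findings.append(f"WARN upgrade {audit.get('auditVersion')} -> {audit.get('latestPatchVersion')}")
    return (1 if blocking else 0), findings


if __name__ == "__main__":
    # In a pipeline, pass `code` to sys.exit() so a blocking finding fails the job.
    code, findings = evaluate_audit(SAMPLE_AUDIT, datetime(2020, 10, 1, tzinfo=timezone.utc))
    print("\n".join(findings), f"\nexit code: {code}")
```
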

    #2706
    tehnologie
    Guest

    >I would like to share a little automation tool I created to notify of these updates in an automated pipeline environment

    Thank you Developer Dan.

    #2707
    SaraMG
    Guest

    Looks like you’re parsing Changelog-#.php which is probably for the best so that you can pick up references to CVEs (directly or indirectly via bug numbers), but I just want to make sure you’re aware of these two APIs on [php.net](https://php.net):

    * [https://www.php.net/releases/active.php](https://www.php.net/releases/active.php) // JSON
    * [https://www.php.net/releases/feed.php](https://www.php.net/releases/feed.php) // XML
