[Thu Jan 16 10:56:24 2014] [error] [client 10.71.4.3] PHP Fatal error: SourceGuardian Loader - This protected script does not support version 5.5.8 of PHP. Please contact the script author about this problem. Error code [07] in /usr/local/nagiosxi/html/includes/dbl.inc.php on line 2
At this point it was not planned, if it really needs to happen, as I'm sure you would like, we can probably work something out. If possible I would really like to know either what cve's its finding that 5.4 has not had backports for, or what tool is causing this report. Feel free to PM me as I'm sure you don't want the latter being public knowledge. But it seems like your auditors are just taking the vulnerability scanner at its word and never verifying if its actually vulnerable, which leads you to do a lot of extra work. When you went from 5.3 to 5.4, there were almost none if any patches that were not backported to 5.3, its just that it only is considering main php version and not what the rpm may contain, as I feel it should. I'm not trying to say it's a bad practice to update, thats certainly a good thing, but I think your auditors are a bit overboard and blindly accepting scans.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
