
Upgrade PHP on Nagios XI 2014R2.3

Posted: Tue Jan 06, 2015 8:24 pm
by andrewmeneguz
Does anyone know if upgrading PHP to version 5.4 or later is possible and/or supported for this appliance?

The requirement to do this comes from a vulnerability scanning tool called QualysGuard having flagged this server as having a severity 5 (highest) security vulnerability due to "EOL/Obsolete Software: PHP 5.3.x Detected".

Thanks.

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Wed Jan 07, 2015 10:51 am
by slansing
Upgrading past the version supplied with Nagios XI is not typically recommended as it may break dependent portions of the software. However, packages that display high severity vulnerabilities are typically back patched by us upon upgrade. In this case, and the case of most of these security scanners, it is simply detecting that a newer version of PHP is available, and this is quite common to see. I would not worry too much about it unless there is a specific vulnerability that puts you at great risk, and that we have not patched, or put out a notice about.

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Wed Jan 07, 2015 10:53 am
by tmcdonald
Tacking on to slansing's post, automated security scanners will very often mark "outdated" software as the highest severity without regard to any specific vulnerability, even if the version in question was quite stable and secure. As a general rule, scanners are meant to guide and not to dictate.

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Wed Jan 07, 2015 7:08 pm
by andrewmeneguz
Thanks for the response, I figured as much :)

Feel free to close this thread if you wish.

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Wed Jan 07, 2015 7:15 pm
by andrewmeneguz
Hmm, one more thing before you do close the thread..

Are there plans to upgrade PHP in the near future as per the below supported versions table?

http://php.net/supported-versions.php

5.3 is 3 years old at this stage and the PHP website actually states for an End of Life version "A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities."

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Thu Jan 08, 2015 12:42 pm
by sreinhardt
We support whatever version the distros choose to use. Please note that that comment is from the PHP site, which does not take into account what teams like the CentOS package maintainers do to backport security patches to the major version on that distro. Cent and RHEL both backport patches from higher versions, as they keep the same major version number throughout the life of a major release.
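
An added example, not part of the original thread: one way to check the backporting point above is to look up the CVE ids a scanner reports in the distro package changelog, which on CentOS/RHEL comes from `rpm -q --changelog php`. The changelog text, CVE ids, maintainer name and function names below are constructed placeholders.

```shell
#!/bin/sh
# Triage scanner findings against a package changelog instead of the
# upstream version string.
# Real input on a CentOS/RHEL host:  rpm -q --changelog php
# Everything in sample_changelog is constructed for illustration.

sample_changelog() {
cat <<'EOF'
* Thu Oct 23 2014 Example Maintainer <maint@example.invalid> - 5.3.3-40
- xmlrpc: fix out-of-bounds read flaw CVE-0000-1111
- core: fix integer overflow in unserialize() CVE-0000-2222

* Wed Aug 06 2014 Example Maintainer <maint@example.invalid> - 5.3.3-38
- gd: fix NULL pointer dereference CVE-0000-3333
EOF
}

# triage_cves CVE-ID...
# Reads a changelog on stdin and prints one line per CVE id:
#   "<cve> backported-in <version-release>"  or  "<cve> not-in-changelog"
# The body runs in a subshell so its variables do not leak to the caller.
triage_cves() (
    changelog=$(cat)
    for cve in "$@"; do
        build=$(printf '%s\n' "$changelog" | awk -v id="$cve" '
            # Entry headers start with "* "; the last field is version-release.
            /^\* / { build = $NF }
            # Require a non-digit or end of line after the id, so that
            # CVE-0000-111 does not match inside CVE-0000-1111.
            $0 ~ (id "([^0-9]|$)") { print build; exit }')
        if [ -n "$build" ]; then
            printf '%s backported-in %s\n' "$cve" "$build"
        else
            printf '%s not-in-changelog\n' "$cve"
        fi
    done
)

# Demo run on the constructed changelog.
sample_changelog | triage_cves CVE-0000-1111 CVE-0000-111 CVE-0000-9999
```

Ids reported as `not-in-changelog` are the ones worth raising with the vendor or distro; the rest are fixed in the installed build even though the version string still reads 5.3.x.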

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Fri Jan 09, 2015 4:08 pm
by vAJ
I'm running PHP Version: 5.4.16 for what it's worth. If you search my posts, you'll find the hurdles I had to cross.

I'm a few beers into the afternoon and my search abilities are diminished... ;)

:cheers

Re: Upgrade PHP on Nagios XI 2014R2.3

Posted: Fri Jan 09, 2015 4:11 pm
by sreinhardt
Good point, I had forgotten you did that.