Jump to content

Recommended Posts

kaspersky detected vulnerability in my php
Affected products:
PHP versions earlier than 5.4.39
PHP 5.5 versions earlier than 5.5.23
PHP 5.6 versions earlier than 5.6.7

mine is i guess 5.3 bcz it's in c:\program files (x86)\IIS Express\v5.3\php.exe

Solution:
Update to the latest version:  http://php.net/downloads.php

so what am i exactly supposed to do ?
can i remove the 5.3 version and install latest 5.6.8?
how do i remove 5.3. and how do i install 5.6.8 ?  just delete the v5.3 folder and replace it ?
which file from http://php.net/downloads.php do i download ?
or do i download from http://windows.php.net/download#php-5.6   ? also which one ?
i'm on windows 7 using microsoft webmatrix 3 and visual studio express 2013 for web.
 

Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/
Share on other sites

  • Solution

Not a IIS user. But I would assume you should able to download the latest version of PHP and copy the files over to your PHP5.3 installation folder and overwriting any existing files.

  • Before doing this first make a copy of your existing PHP5.3 folder
  • Download the latest 5.6 Non Thread Safe zipped package from windows.php.net (labelled VC11 x86 Non Thread Safe)
  • Stop IIS
  • Extract the contents of the zip to your PHP5.3 installation folder
  • Restart IIS

PHP should now be updated.

Edited by Ch0cu3r
Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/#findComment-1510821
Share on other sites

here
http://stackoverflow.com/questions/7204758/php-thread-safe-and-non-thread-safe-for-windows
the say to use thread safe for iis  and non-thread safe for iis+fast cgi, so i guess i should go thread safe?

also i couldn't find IIS in services so i realized i don't even have IIS turned on (no checkmarks in programs and features-turn windows features on or off) ? should it be on ?

Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/#findComment-1510837
Share on other sites

I only suggested Non Thread safe as that was what I read from the note on windows.php,net

 

 

Which version do I choose?

 

IIS
If you are using PHP as FastCGI with IIS you should use the Non-Thread Safe (NTS) versions of PHP.

If the non thread safe version does not work then try the thread safe version.

 

 

Also i couldn't find IIS in services so i realized i don't even have IIS turned on (no checkmarks in programs and features-turn windows features on or off) ? should it be on ?

 I only suggested to stop IIS in case Windows complained when you went to overwrite the files that a process was using/reading them.

Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/#findComment-1510841
Share on other sites

it works but there are two files:
php.ini-development
php.ini-production
and i need to rename one of them into php.ini   ,   which one ?
Also a     php-cgi.exe *32    shows up in the processes when i run a php file in webmatrix, but it stays there even after closing Webmatrix. Is that normal ?

Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/#findComment-1510932
Share on other sites

If you are developing/testing php code then rename php.ini-development to php.ni

 

 

Also a     php-cgi.exe *32    shows up in the processes when i run a php file in webmatrix, but it stays there even after closing Webmatrix. Is that normal ?

Yes php-cgi.exe is most likely being used by IIS. 

Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/#findComment-1510934
Share on other sites

i know, there are also   iisexpress.exe *32   and    iisexpresstray.exe *32   processes   that start when i start webmatrix but they also end when i turn off webmatrix.
php-cgi.exe  doesn't.
is there a way to automatically end it when it's not being used ?

 

and do i also need the debug pack from here

http://windows.php.net/download#php-5.6

?

Edited by mike4309
Link to comment
https://forums.phpfreaks.com/topic/296078-how-to-update-php/#findComment-1511005
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.