Php updates delay compared to cPanel
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. bettinz
  2. Friday, 09 September 2016
  3.  Subscribe via email
Php 7.0.10 is in repo since 23th of August
Rate this post:
  1. 09.09.2016 16:09:41
  2. # 1
bettinz Accepted Answer
Posts: 12
Joined: 19.01.2013
0
Votes
Undo
Hello, I'm using Cloudlinux repos for EasyApache 4.
I like to have latest versions of php because usually they fix critical security vulnerability.
cPanel released php 7.0.9 on 26th of July https://documentation.cpanel.net/display/EA4/EasyApache+4+Change+Log
but you sync the repo only one month later (testing one month later and stable few days after).

Now with 7.0.10 it's about 2 weeks since the cPanel release. Can we expect more regular updates when EasyApache 4 became stable with CloudLinux?

Thank you
  1. 15.09.2016 08:09:16
  2. # 2
bettinz Accepted Answer
Posts: 12
Joined: 19.01.2013
0
Votes
Undo
PHP 7.0.11 released with security fix (and maybe they release 5.6 too). 
 We're still on 7.0.9 with stable and since few days 7.0.10 is on beta channel.
  1. 21.09.2016 03:09:47
  2. # 3
bettinz Accepted Answer
Posts: 12
Joined: 19.01.2013
0
Votes
Undo
Am I the only one wondering about php updates?

http://news.cpanel.com/easyapache-20-september-2016-maintenance-release/
cPanel, Inc. has released updated RPMs for EasyApache 4 on September 20, 2016, with PHP versions 5.6.26 and 7.0.11. This release addresses vulnerabilities related to CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, and CVE-2016-7418. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.26 and all PHP 7.0 users to upgrade to version 7.0.11.
https://access.redhat.com/security/cve/CVE-2016-7416

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
  1. 21.09.2016 14:09:04
  2. # 4
Scott Mutter Accepted Answer
Posts: 60
Joined: 23.04.2014
0
Votes
Undo
I'm not using PHP 7.0 yet on any of our servers, so I really can't speak for it specifically.  We are using PHP 5.6.26, with a mixture of CloudLinux alt-php on some servers and EA4-php on other servers.


PHP 7.0.10 was released by PHP on August 18th

It looks like PHP 7.0.10 for CloudLinux was released around August 25th

PHP 7.0.11 was released by PHP on September 15th

It looks like PHP 7.0.11 for CloudLinux was released today - September 21st


PHP 5.6.26 was released by PHP on September 16

PHP 5.6.26 for CloudLinux was released today - September 21st

PHP 5.6.26 for cPanel (EA4) was released today - September 21st


The fact that it takes 5+ days for PHP versions to be released by php.net and picked up by CloudLinux and cPanel, that is a little concerning.  I wish this interval could be reduced.  I'm really not sure why there is this much time between versions being released.  But I would think that whatever patches CloudLinux or cPanel apply, those patches are fairly uniform between PHP 5.6.25 and PHP 5.6.26.  It's just a matter of downloading the new PHP 5.6.26 source and building new RPMs.  I'm not sure why it takes 5+ days to do this.  But perhaps there is more involved than I am aware of.

If you always want the latest and greatest, the only way you're going to accomplish this is to get it straight from the horse's mouth - in this case php.net.  There's bound to be some delay when you start adding middle men (i.e. CloudLinux and cPanel) between a product (PHP) and the end-user (us).  I'm not that upset over the 5+ days in-between for this, but at the same time I don't understand why it takes 5+ days, I would think this could be reasonably solved within 1 day.  Especially when you know that new versions of each PHP release is going to be released about every month (I'd expect PHP 5.6.27 to be released around October 16th).
  1. 21.09.2016 15:09:30
  2. # 5
Jacob Perkins Accepted Answer
Posts: 1
Joined: 04.03.2016
0
Votes
Undo
Hi,

As a note, cPanel releases PHP updates the Tuesday following the Thursday pushes. So PHP drops on Thursday (sometimes early mornings, sometimes very late evening), and then we come in Friday, build the changes, and test them / prep them for release on Tuesday. This is only around 3 business days. 

cPanel released EA4 updates with PHP 5.6.26 yesterday, Sept 20th. 
  1. 21.09.2016 17:09:34
  2. # 6
Eugene Zamriy Accepted Answer
Posts: 2
Joined: 21.09.2016
0
Votes
Undo
Hello Scott, I'm the alt-php packages maintainer.

Here is alt-php56-5.6.26 /  alt-php70-7.0.11 release timeline:
  • 15 Sep 2016 - upstream release on php.net
  • 16 Sep 2016 - alt-php beta release by CloudLinux, see announcement
  • 20 Sep 2016 - alt-php stable release by CloudLinux, see announcement
So, the real delay between the upstream release and the alt-php release is 1 day. Our alt-php beta channel is pretty safe to use, so if you want updates immidiately, you can install them with "yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing". We will publish a special warning for potentially dangerous beta releases in our blog announcements. To avoid massive outage because of fresh updates, we do not release them right into stable.

As for ea-php packages: we technically cannot release them faster than cPanel does. You've read the Jacob's post - 5 days for cPanel release + 1 (max 2) days for us to apply our patches, rebuild the packages, etc and you will be able to install them from EA4 beta repositories soon.
  1. 21.09.2016 19:09:39
  2. # 7
bettinz Accepted Answer
Posts: 12
Joined: 19.01.2013
0
Votes
Undo
Hello all, I'm happy to see I'm not alone. I'm using EasyApache 4 and I'm forced to use CloudLinux repo. EasyApache repo is different from Alt-Php repo.
Look here:

http://repo.cloudlinux.com/cloudlinux/EA4/6/updates/x86_64/

Updates for easyapache 4 were uploaded on 2016/09/13
https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-easyapache-4-updated-1-3
(note it's in testing, so it will be available after some days)

and this update include ea-php70*7.0.10-2 released on 2016/08/16

 http://www.php.net/ChangeLog-7.php#7.0.10

Again, php 7.0.9 released by php.net on 2016/07/21 and uploaded in testing on 2016/08/23
https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-updates-for-easyapache-4-released

27 Days for 7.0.10, 32 days for 7.0.9 (plus some days to switch between testing and stable). What I'm asking is if it's normal and it's because easyapache4 repo it's still in beta. Of course I hope to see 5 or 7 days between releases, but now we're around the month.
  1. 22.09.2016 02:09:56
  2. # 8
Eugene Zamriy Accepted Answer
Posts: 2
Joined: 21.09.2016
0
Votes
Undo
Hello bettinz,

Previous CL EA4 updates were really slow because we were adopting our monitoring / build / testing processes for the new product. But now the situation became better and the latest ea-php* packages are already published to our beta repositoriy (~1 day delay after cPanel release). We are going to release them to stable today / tomorrow after additional testing.

So, my recommendation is the same as for alt-php: use beta if you want to receive updates immediately.
  1. 22.09.2016 15:09:45
  2. # 9
Igor Seletskiy Accepted Answer
Posts: 1194
Joined: 09.02.2010
0
Votes
Undo
We have pushed the release to production. I want to say thanks for my team for pushing through it and staying late and getting it out.

The release was delayed due to unexpected patch in PHP-FPM. We are taking all possible measures to prevent such issues in the future. I also want to thank cPanel team for being open and working with us on improving the process.
  1. 23.09.2016 20:09:37
  2. # 10
bettinz Accepted Answer
Posts: 12
Joined: 19.01.2013
0
Votes
Undo
And I want to thank you all CloudLinux Team for the great work. Thank you  ;)
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.