On Mon, May 17, 2021 at 08:56:06PM +0100, Nick Howitt wrote: > > > On 17/05/2021 19:32, Kevin Fenzi wrote: > > roundcubemail in epel7 is very old at this point, and can never be > > upgraded because epel7 has too old a php. > > > > It's got 10 CVEs open against it. > > > > I'm planning on retiring it later today. > > > > I can mail epel-announce about it... > > > > kevin > > > What is the PHP issue? Roundcube 1.4 requires PHP >= 5.4.1 - > https://roundcube.net/about/#features. Current PHP is php-5.4.16-48. There > is also 1.3.16 and the LTS 1.2.13 = https://roundcube.net/download/. Currently epel7 has 1.2.12. We could update to 1.2.13, which fixes 2 of the CVE's... but that leaves 8 more. I don't really think they are going to be doing any more 1.2.x releases now that 1.5 is almost out. Sorry I wasn't being exact there, it's not php itself, it's various php related things. Like php-pear version 1.10.1 is needed and rhel7 has 1.9.4 and so on. If you would like to try and get 1.4.x working on epel7 that would be great! Of course the 1.2 -> 1.4 jump would be pretty major for users, but such things happen. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
