Category Archives: PHP

PHP 8.2 Now Available

We’re pleased to announce that PHP 8.2 (8.2.2) is now available on all of our servers. You can easily change the PHP version per cPanel account via the “Select PHP Version” option in cPanel.

PHP 8.2 comes with numerous improvements and new features such as:

Readonly classes
Disjunctive Normal Form (DNF) Types
New stand-alone types: null, false, and true
New “Random” extension
Constants in traits
Deprecate dynamic properties

The full change log for version 8.2 can be found on PHP’s website here and the migration guide is also available. Please consult these for a detailed list of new features and backward incompatible changes. For third party applications, it’s best to confirm that they support PHP 8.2 before making the switch. However, if you run into any issues you can quickly and easily revert back to your prior version.

We now offer secure versions of PHP 5.4 through 8.2 which are all easily selectable from within cPanel. Version 8.0 remains the default for all new cPanel accounts while existing accounts will continue to retain their prior settings.

PHP 8.1 Now Available

We’re pleased to announce that PHP 8.1 (8.1.2) is now available on all of our servers. You can easily change the PHP version per cPanel account via the “Select PHP Version” option in cPanel.

PHP 8.1 comes with numerous improvements and new features such as:

Enumerations
Readonly properties
Fibers
Pure Intersection Types
never return type
First-class Callable Syntax
“final” modifier for class constants
New fsync and fdatasync functions
New array_is_list function
Explicit Octal numeral notation

Additional information concerning the version 8.1 release can be found on PHP’s website here and the migration guide is also available. Please consult these for a detailed list of new features and backward incompatible changes. For third party applications, it’s best to confirm that they support PHP 8.1 before making the switch. However, if you run into any issues you can quickly and easily revert back to your prior version.

Please note that only a limited number of extensions are currently available for PHP 8.1. We will continue to make new ones available as soon as they are offered. We now offer secure versions of PHP 5.4 through 8.1 which are all easily selectable from within cPanel. Version 8.0 is now the default for all new cPanel accounts while existing accounts will continue to retain their prior settings.

PHP 8.0 Now Available

We’re pleased to announce that PHP 8.0 is now available on all of our servers. You can easily change the PHP version per cPanel account via the “Select PHP Version” option in cPanel.

PHP 8.0 comes with numerous improvements and new features such as:

Union Types
Named Arguments
Match Expressions
Attributes
Constructor Property Promotion
Nullsafe Operator
Weak Maps
Just In Time Compilation

Additional information concerning the version 8.0 release can be found on PHP’s website here and the migration guide is also available. Please consult these for a detailed list of new features and backward incompatible changes. For third party applications, it’s best to confirm that they support PHP 8.0 before making the switch. However, if you run into any issues you can quickly and easily revert back to your prior version.

Please note that only a limited number of extensions are currently available for PHP 8.0. We will continue to make new ones available as soon as they are offered. We now offer secure versions of PHP 5.4 through 8.0 which are all easily selectable from within cPanel. Version 7.4 is now the default for all new cPanel accounts while existing accounts will continue to retain their prior settings.

PHP 7.4 Now Available

PHP 7.4 was released last month and is now available on all of our servers! As with prior versions, you can easily change the PHP version per cPanel account via the “Select PHP Version” option in cPanel.

PHP 7.4 comes with numerous improvements and new features such as:

The migration guide is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes. For 3rd party applications, it’s best to confirm that they support PHP 7.4 before making the switch. However, if you run into any issues you can quickly and easily revert back to your prior version.

PHP 7.3 Now Available!

PHP 7.3 was released early this month and is now available on all of our servers! As with prior versions, you can easily change the PHP version per cPanel account via the “Select PHP Version” option in cPanel.

PHP 7.3.0 comes with numerous improvements and new features such as:

The migration guide is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes. For 3rd party applications, it’s best to confirm that they support PHP 7.3 before making the switch. However, if you run into any issues you can quickly and easily revert back to your prior version.

PHP 7.2 Now Available!

We’re happy to announce that PHP 7.2 is now available on all of our hosting servers. It is also now the default version of PHP for all newly created cPanel accounts. PHP 5.4, 5.5, 5.6, 7.0, and 7.1 remain available as alternative options using the “Select PHP Version” link from within cPanel. A short guide on the use of PHP Selector can be found here.

The PHP version for all existing cPanel accounts has not changed, though you can use PHP Selector to change this at any time.

PHP 7.2 comes with numerous improvements and new features such as

If your applications support PHP 7.2, we do recommend making the switch. PHP Selector makes this process very simple and you can easily revert to any prior version of PHP at any time, if needed.

Critical PHPMailer & SwiftMailer Security Updates

Although the PHPMailer vulnerability was posted to our Script Security Forum a couple days ago, the widespread and critical nature of these warrants a post here as well. PHPMailer and SwiftMailer are both libraries used for sending emails. A very large number of scripts use one of these two libraries, including WordPress, Drupal, SugarCRM, Joomla and many others. Both libraries contain similar remote code execution vulnerabilities that can be exploited under certain circumstances.

It is very important that you make sure all instances of these libraries are updated. This will, unfortunately, be difficult to pinpoint in some cases since many plugins also include these libraries. Every core script, plugin and theme that you use should be investigated to determine whether or not these libraries are included and require updating.

All instances of PHPMailer must be updated to 5.2.21 or higher, which can be downloaded here.

All instances of SwiftMailer must be updated to 5.4.5 or higher, which can be downloaded here.

This would also be a good time to examine your plugins and themes to make sure they are all being actively maintained. As a general rule, if they haven’t received any updates within 6 months you should be concerned. If they haven’t received any updates within the past year, they probably shouldn’t be used at all.

The ongoing use of abandoned projects are one of the bigger risks that face websites like those powered by WordPress. While such a plugin may appear to be all good and up-to-date from within the WordPress admin panel, the developers may not have touched it in years and the project page may no longer even exist. As such, a regular audit of these is a very good idea and in general you should stick to more popular options when possible.

If you run into any issues with updating or have any questions please feel free to post a comment here, post on our forums or submit a ticket via our portal.

Feature Spotlight – PHP Selector

As we get close to completing all of our server upgrades, I wanted to go ahead and quickly highlight a feature that is available on the new servers. We’ve permitted clients to change the version of PHP that their site uses for many years now but this has always required a modification to the domain’s .htaccess file. Although this wasn’t particularly difficult, it has been simplified even further with the inclusion of PHP Selector. PHP Selector is a CloudLinux component that sits on top of CageFS and allows each cPanel user to select their desired PHP version.

Once you’ve logged into cPanel you’ll find the “Select PHP Version” option under the “Software” menu group as shown below.

Continue reading →

Critical Joomla Security Update

On Monday, December 14th, Joomla 3.4.6 was released to address a critical remote code execution vulnerability (CVE-2015-8562) that exists in all prior versions from 1.5.0 through 3.4.5. Hotfixes are also available for the older, unsupported 1.5 and 2.5 branches. It is imperative that you update all Joomla instances immediately. This was a zero day vulnerability that was actively being exploited prior to it having been discovered and patched. As such, it is remotely possible that your Joomla was already compromised.

We posted this to our forums and in our portal on Monday to give our clients a heads up but given the critical nature of this we figured another post couldn’t hurt. At that time we also deployed mod_security rules which we believe to sufficiently protect all Joomla instances hosted by us unless you have specifically disabled mod_security on the domain, which is not the default or recommended. As always, though, it is still important that these latest patches be applied immediately in order to secure your Joomla instances.

If you have any questions or concerns please don’t hesitate to contact us and we hope everyone has a Merry Christmas!

Script Security Updates

As the holiday shopping season has begun it is more important than ever for businesses to make sure their websites are secured against attackers. Staying on top of script updates (plugins and themes included) is one of the easiest and most vital parts of securing your website. We wanted to take a moment to cover a couple of serious updates that should receive special attention this holiday season.

A Joomla update (3.4.5) was released last month to address a critical remote and unauthenticated SQL injection vulnerability that is present in all 3.2+ versions. The severity of this cannot be stressed enough as it can allow attackers complete access to your account. We’ve had mod_security rules in place to block exploitation of this vulnerability since the day it was announced. To the best of our knowledge attackers have been unable to circumvent these rules but it is in your best interest to apply this update immediately if you have not done so already. If for some reason you’ve manually disabled mod_security on your website it remains fully exposed to this vulnerability if it hasn’t been patched and has likely already been compromised in some manner. For this reason we never recommend disabling mod_security. Further details concerning this update can be found here.

Last week a vulnerability in Zen Cart was also announced and has subsequently been patched. This is an arbitrary file inclusion vulnerability that again could allow attackers complete access to your account. Details and patches are available directly from Zen Cart here. Please note that public disclosure of this vulnerability is scheduled for December 16th but since a patch has already been released it wouldn’t take much for attackers to figure out how to exploit the vulnerability, if they haven’t already. All Zen Cart users should patch their instances immediately.

As always, we will continue to stay on top of these critical vulnerabilities and address them as possible or necessary. If you have any questions please feel free to submit a ticket via our client portal and we’ll gladly assist in any way that we can.