Posts Tagged ‘PHP’

MassTransit Enterprise [Windows]: PHP 5.2.9 Addresses Security Vulnerabilities

Wednesday, October 8th, 2008


Group Logic recommends that customers running the MassTransit Enterprise product on Windows platforms upgrade to the latest stable release of PHP, version 5.2.9. This latest release of PHP addresses a number of important security vulnerabilities that had been introduced in earlier releases of PHP.


Group Logic recommends upgrading to PHP version 5.2.9 to address security vulnerabilities and bugs that have been introduced in earlier releases of PHP.

According to PHP.NET, the specific vulnerabilities addressed in the 5.2.9 upgrade are as follows:

  • Fixed: Fixed possible stack buffer overflow in FastCGI SAPI.
  • Fixed: Properly address incomplete multibyte chars inside escapeshellcmd().
  • Fixed: Security issue detailed in CVE-2008-0599.
  • Fixed: A safe_mode bypass in cURL.
  • Fixed a crash on extract in zip when files or directories entry names contain a relative path.
  • Fixed security issue in imagerotate(), background color isn’t validated correctly with a non truecolour image.
  • Fixed explode() behavior with empty string to respect negative limit
  • Fixed a segfault when malformed string is passed to json_decode()

For further information on the security and bug fixes incorporated within the PHP 5.2.9 release, please refer to the official PHP changelog, located at this URL:

The PHP 5.2.9 release can be downloaded from MassTransit Latest Releases page.

NOTE: Group Logic cannot recommend this upgrade to MassTransit Admins operating on the Mac OS X platform due to limitations in the present distribution of PHP 5.2.9. Upgrade information will be forthcoming upon availability.

MassTransit PHP 5.2 upgrade

Wednesday, May 23rd, 2007


This document outlines the process that MassTransit administrators may follow to upgrade PHP 5.1.x to PHP 5.2 for use with MTWeb.



1. Go to and download the appropriate PHP package for your version of Mac OS X. If you are using a Mac OS X 10.4.x version, Group Logic recommends using the 5.2.0 universal binary version (runs on both PPC and Intel-based Mac platforms).
2. Double-click the compressed file that was downloaded. That file should automatically be decompressed and create the PHP installer package file on your desktop.
3. Double-click the installer package and follow the installer directions.
4. You must restart the Apache Server by typing “sudo Apachectl restart” at the command line of the terminal window. You will need Administrator access to restart Apache.


1. Rename your current PHP folder (e.g. “C:\php”) for back up in case there’s a problem with the new PHP version.
2. Go to and download the appropriate PHP 5.2 Windows zip package. Extract the package into a directory called php (e.g. “C:\php”). It is strongly recommended that PHP be installed on the same drive as the operating system. Installing PHP on a different drive will prevent MTWeb from working properly.
3. Delete the php.ini file from your system directory (e.g. “C:\Windows\”) and the libmysql.dll file from “C:\Windows\System32\”. The libmysql.dll file may be locked. You may need to restart IIS in order to delete it.
4. Follow the Windows PHP Setup instructions in the PDF file below (pages 6-8) to configure PHP 5.2. Skip step 1.

NOTE: If Stuffit Expander was used to open the PHP zip package and the required PHP files mentioned in the PDF below are not present, try using another application to open the PHP zip package.

Related Articles: