PCI compliance requires at least Apache 2.2.8

I still think this software are great, but php 5.2.6 will make it even better.

For systems that we currently provide php5 packages for (those that have php4, by default), 5.2.6 is already in the repos.

I’m currently working on an optional “bleeding edge” repository for folks running CentOS/RHEL 5 that really like to hurt themselves with the latest and greatest stuff–stuff that hasn’t been all that well-tested by huge armies of users and QA staff. It’ll include the latest PHP5, Apache, MySQL, and SpamAssassin. Possibly a few other bits and pieces. I’m never going to recommend it…but it’ll be there for folks that want it.

That should be available in another week or two.

We just got a new CentOS 5.2 server running current vmpro. I don’t see an option to upgrade to php 5.2.x? Is it available for CentOS 5.2? php 5.1.6 shows up in the VM updates as the latest and its provided by centos.


We don’t provide the PHP 5 packages on CentOS 5 (it already has PHP 5, and we don’t replace packages unless absolutely necessary), and the “bleeding edge” repository I discussed has not been launched yet (and I’ll never recommend people use it…it’ll just be there for people who absolutely cannot stand running the version shipped by their OS). :wink:

I am running centos 5.2…

I like to run phpMyAdmin. We’ll, not anymore, seeing as the version I have is not compatible with php 5.1.6.

I am confused. "Bleeding edge virtualmin repo" not recommended but a plan in place to provide php 5.2.x for those who have the virtualmin php package?

How do I get php 5.2.x installed on our centOs 5.2 boxes with out a third party repo (like Jason Litka’s). It’s a critical, fundamental part of a LAMP server sercurity IMHO to be able to keep your scripting CGI app updated. PHP 5.2.5’s recent security debacle for example. In addition, several CMS and web-based apps are running php and use the provided/updated features (like drupal). Some of them are running updates for their software that plug security and/or stability issues and those apps depend on php 5.2.x or the latest flavor of it. Issues bifurcate quickly when such a fundamental part of the system’s packages are halted in their development, if PHP is not up to date, then your php based apps that depend on php which your clients like to use are not up to date either.

So what is our recourse - do we move to a different OS platform that has the philosophical mindset of keeping packages up to date until the release of their new version? Or do I wait until there is a virtualmin friendly php 5.2.x upgrade path for our virtualmin installs? Seems weird that CentOS does not have a version "6" in the wings, or 5.3, that they know will support such a common setup (LAMP) and that they would drop support of the php branch…

Anyways. What next?

Well, to be clear – the latest PHP 5.1.x on RHEL/CentOS has no known security issues.

RHEL and CentOS backport all their security fixes to it.

The goal of the RHEL/CentOS projects is stability, not to provide the latest and greatest versions of apps.

You’re right though, some apps are requiring PHP 5.2.x now, and that becomes a problem when using RHEL and CentOS.

IMO, your real options are:

  1. Use Joe’s bleeding edge repo – which he, of course, doesn’t recommend, as it’s bleeding edge and not well tested :slight_smile: However, I do believe he uses it.

  2. Switch to a distro who is more concerned with offering newer packages. Ubuntu may be your best option there, though Debian isn’t too far behind it (Ubuntu Hardy provides PHP 5.2.4, Debian Etch has PHP 5.2.0).

Personally, I like Ubuntu (an opinion that differs from the Virtualmin developers :-), and I find it works plenty well for me. If you’re attached to RHEL or CentOS though, or otherwise prefer them, you might try Joe’s bleeding edge repository (which has PHP 5.2.6) rather than switching distros.

Thats GREAT!

Thansk Joe. You are the best.

I have been reading these posts in which the last one was dated 1 year ago.
Any updates on being able to run PHP 5.2 on centos without breaking it?

Its getting difficult to run anything now with php 5.1.6
I have a bunch of Joomla extensions that just wont run on php 5.1.6 and explicitly require 5.2.x

I have tried manually updating php5 with remi packages on a test server but it always just falls to bits.

Any way of doing this to a production server? Can’t even get it to work on a test server :frowning:

Well, there is a bleeding edge CentOS PHP 5.2.x package.

Of course, the default PHP that comes with CentOS is what’s recommended and best tested – but if you need a more recent version, the bleeding edge one seems to work fine for most folks.

You can get more info on that here:


Any word on this? My new webmin/virtualmin install on centos still shows 5.1.6. 5.2.11 is out and cpanel is totally on top of it in their updates. It would be nice if webmin upgraded to at least 5.2.anything… Let us know what’s up.

Version 5.1.6 is the latest provided by CentOS.

You can use the Virtualmin Bleed Repository, which provides PHP 5.2.9 as of now:


If you require a newer version, I’d suggest filing a request using the Support link above.


For systems that we currently provide php5 packages for (those that have php4, by default), 5.2.6 is already in the repos.

Sorry to perhaps repeat this, but Joe seems to be saying that Virtualmin provides a “5.2.6” (or whatever is current) php version for Centos 5.3, etc.

In NEXT paragraph he also talks about “bleeding edge” stuff, with lots of more risky items, etc.

I have always interpreted these sentences to mean BOTH a 5.2.6 (somewhere) AND a bleeding edge version.

  1. Are these (5.2.6 and bleeding edge) supposed to be different or the same thing?

  2. How can I get a 5.2 (current) php on my Centos 5.3 system WITHOUT getting bloody? Is it possible? I don’t want bleeding edge (but for Joomla, Moodle, etc. …) I do want php 5.2.x

Well, note that Joe’s post is from way back in July of 2008.

So, 5.2.6 was bleeding edge at that point :slight_smile:

Onto your questions:

Are these (5.2.6 and bleeding edge) supposed to be different or the same thing?

Yeah, the confusion here is the timeframe Joe said all that. At the time Joe said that, 5.2.6 was available in the bleeding edge repository. Today, 5.2.11 is, I believe.

How can I get a 5.2 (current) php on my Centos 5.3 system WITHOUT getting bloody? Is it possible? I don’t want bleeding edge (but for Joomla, Moodle, etc. …) I do want php 5.2.x

You have two options – use what CentOS provides (5.1.x), or “get bloody” :slight_smile:

Anything not provided with CentOS is non-standard, and no where near as well tested as their distro provided PHP version.

But as you point out, recent web apps often don’t even work on what they provide.

So your choices are limited :slight_smile:

My recommendation is probably to use the Virtualmin bleeding edge repo, which a lot of folks here are using and feel it works fine for them. And if you run into trouble, you can always come back here to try and figure out what’s going on :slight_smile: