Hi,
I am a relative newbie to Linux/Virtualmin so please be kind.
I recently underwent a security scan from a payment provider, and one the issues they raised was a PHP vulnerability. They asked me to upgrade to PHP 8.4. I installed the Remi package which is lacking mysqli.so.
I still have both PHP versions installed, but my Wordpress installation cannot use the updated PHP because of the absence of mysqli.
I have tried to install it via the terminal, but my system insists it is already installed. I assume that it refers to the 8.0.3.0 version.
Am I doing something incredibly stupid here?
First, your PHP version provided by your OS is maintained by your OS. Most security scanning folks understand that distinction if you inform them of it. And the packages provided by your OS have a changelog that includes the list of CVEs patched so you can compare it to the ones your scanning people are saying are a problem. Switching to third-party packages is usually less secure over time than using your OS vendor packages, because at some point it’ll reach EOL and won’t be maintained anymore, while you can know your OS vendor package is maintained by the vendor for the life of the OS. (It may be that 8.4 will live as long as Rocky 9, though.)
Oops, I misspoke about how the packages work above (and have fixed it). If you followed our docs, you will have mysqli because it’s in the mysqlnd package for your PHP version.
Someone suggested I get into this business once. Easy. Just run script. Take it for what it’s worth. They probably just stick to the script to ‘bullet proof’ themselves.