Update to 2.6.5 with PHP version 5.3. Possible ?

3 Posts

adminadlec Reply #1, 5 years, 9 months ago

Following the announcement "Revolution 2.6.4 and Prior Two Cricital Vulnerabilities; Upgrade Mandatory/Patch" and with 2 websites hacked, we've updated several modx installs with 2.6.5 version as recommended.
Problem : we have 2/3 installs of modx (version 2.5.0pl) on a server with a PHP version of 5.3 that we cannot update.
Is there a way to manually apply a patch to a modx 2.5.0 ?
Is the requirement of PHP 5.5 for modx 2.6.5 an absolute rule ?.

Any help will be appreciated .
Laurent

Ps : Forget my english, i'm french ;-)

This question has been answered by alejaaandro. See the first response.

discuss.answer

39 Posts

alejaaandro Reply #2, 5 years, 9 months ago

Definitely not an expert answer, just an idea!
I have a very old version installed (2.0.3) and was hacked on Friday night. Recovered and hacked again sometime today and that's when I saw the announcement.
I don't have the time to upgrade now (since I'm afraid upgrading from such an old system would cause lots of problems and I wouldn't have the time to fix them now).
So for now, what I did was, after recovering I upgraded the 3 files mentioned at the end of the announcement and hope for the best..
https://forums.modx.com/thread/104079/urgent-active-attacks-on-modx-revolution-sites-below-revolution-2-6-5#dis-post-559785

* Experienced MODX developers can do an interim manual patch on 2.6.x and above by replacing the follow...

Hope this is a good starting point..

3 Posts

adminadlec Reply #3, 5 years, 9 months ago

Thanks so much Alejaaandro. Probably read the announcement too fast ;-) Will do that before finding a way to upgrade.

☆ A M B ☆
3,141 Posts

Mark Hamstra Reply #4, 5 years, 9 months ago

The patch helps to keep you safe, but there are also other vulnerabilities like the ones in 2.5.2 that you'd need to consider. Upgrading is the best way to make sure you have it all.

MODX 2.6.5 has a 5.3.3 minimum requirement, however some extras require a higher version and may break if you update those. A lot of my extras will refuse to install on 5.3. At the very least update Gallery if you use it (should be fine on 5.3), but stay away from the more recent Formit until you've updated PHP. I don't know about other extras that break, but one of my clients had an issue with FormIt on 5.3 yesterday.

Mark Hamstra • Developer spending his days working on Premium Extras and a MODX Site Dashboard with the ability to remotely upgrade MODX and extras to make the MODX world a little better.

Tweet me @mark_hamstra, check my infrequent blog at markhamstra.com, my slightly more frequent ramblings at MODX.today or see code at Github.

3 Posts

adminadlec Reply #5, 5 years, 9 months ago

Thanks Mark,
Fortunately, Gallery is not used. And indeed, the last update of Formit needs PHP > 5.4 (at least because of the array syntax in the main file "[]" instead of "array()" (seen it yesterday trying to update this component)
Will publish the patch but we're working on a way to be able to upgrade. Having this old version of PHP on these servers is no longer bearable for the future.
Thanks again
Laurent

Quote from: markh at Jul 24, 2018, 08:33 AM

The patch helps to keep you safe, but there are also other vulnerabilities like the ones in 2.5.2 that you'd need to consider. Upgrading is the best way to make sure you have it all.

MODX 2.6.5 has a 5.3.3 minimum requirement, however some extras require a higher version and may break if you update those. A lot of my extras will refuse to install on 5.3. At the very least update Gallery if you use it (should be fine on 5.3), but stay away from the more recent Formit until you've updated PHP. I don't know about other extras that break, but one of my clients had an issue with FormIt on 5.3 yesterday.

[ed. note: adminadlec last edited this post 5 years, 9 months ago.]

Answered Update to 2.6.5 with PHP version 5.3. Possible ?