Supported PHP version - 7.4 is unsupported
-
@Deeksha-Rana
I am a user of QloApps and have some questions that I hope you can answer.Currently, I see two sources for QloApps:
https://github.com/sumitwebkul/hotelcommerce
and
https://github.com/Qloapps/QloAppsSo I am not sure which one is the official and most stable source to use.
and when will the next version be released ?
-
Hi @kessaku,
Please use this repository of QloApps: https://github.com/Qloapps/QloApps
This is the only official and stable source of QloApps.The other source that you have mentioned (https://github.com/sumitwebkul/hotelcommerce ) is the repository of one of our contributors to QloApps. There can be multiple such repositories of our contributors.
Also, the next version of QloApps will be released soon and we will announce the same in the forum once it is released for use.
-
I go back to my original question. PHP 7.4 is unsupported by the PHP foundation. If we look at known exploits, there are problems that are not patched.
Using the latest version of PHP 7.4.x, we see that there is one known public exploit that has a public exploit that is known to have been exploited and used for ransomware.
Will your next release move to a current supported PHP version to allow a safe environment?
-
@Deeksha-Rana
Can you tell me an estimated time frame for the release of the new version? Thanks -
Hi @kessaku,
We can't commit to an estimated release date for the upcoming version.
The new version will be released soon and we will announce on the forum once the latest version is released.
-
@Deeksha-Rana I have had a look in your GitHub repo, and see no attempts to commence work related to compatibility with secure versions of PHP. While you cannot provide an ETA on the available date, is there actually any intent to start work? For anyone serious about cyber security, it is poor form to run on PHP7.4 which is unsupported and has known vulnerabilities.
Before implementing with your platform, I am seeking some reassurance that you have a commitment to cyber security to run with supported application stacks, and your failure to release patches to deal with PHP 7.4 vulnerabilities is concerning.
-
We have informed you that currently, QloApps is fully compatible with PHP 7.4
We will soon begin the process of making QloApps compatible with PHP 8 latest version. This transition is expected to take approximately 3 to 4 months.
In the meantime, you can continue to use QloApps with PHP 7.4.
Regarding PHP 7.4 vulnerabilities,
We are always concerned about any vulnerability in QloApps and we are continuously resolving these in every version release.
Also, we always welcome any contribution from our users to raise the vulnerabilities found by then. So that we can resolve them in QloApps and make this software better together, -
The problem is, Sumit, PHP 7.x is end of life and unsupported - No-one will patch vulnerabilities in that version - Thats why it is critical to get to 8.x as soon as possible. https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-1791763/PHP-PHP-7.4.33.html
-
Hi @gregk,
We understand the importance and urgency of upgrading the PHP Version of QloApps.
I would like to inform you that the upgrade is definitely in our roadmap and we are planning to switch the QloApps PHP version to 8.x soon.
We can not provide you with any tentative release date for the same but we will surely inform you once the upgraded QloApps will be released.
-
Seeing that PHP version 7.4 is unsupported prompts users to consider the importance of keeping software updated. It highlights the need for awareness about security vulnerabilities and performance improvements, encouraging developers to adopt newer versions for better functionality and to ensure compatibility with modern applications.