FM17 Server installs way outdated PHP

[Richard J]

Hi guys. Just a word of caution:
The FM Server 17 Windows distribution (released just weeks ago) has (at least) one big flaw. If you opt for the Filemaker contained version of PHP during installation, you will get PHP 5.6.24, released early 2016!
This version is so full of security holes that our security scanner practically throws a red card at it.

Ergo: IF you do accept the built-in version..make sure you update it to the last release of PHP5 which is 5.6.36, released in April 2018.
This version is also not bomb-proof, but a lot more secure.

Why o why, Filemaker Inc? This is such a bad move..

And why hide the PHP files way down in an obscure folder (which also has spaces in its name!)? Why not c:\PHP5 or something (it´s been best practice for a hundred years)?

And why not go all the way and make Filemaker 100% compliant with PHP7 (64-bit)?

Educated guess: I guess the Filemaker PHP API needs a bit of a rewrite for that..

Cheers /Richard
 

[ggt667]

Use CWP and do the PHP yourself.

FileMaker's PHP is heading down the same rabbithole as their XSLT; they just don't give a flying tomato in reverse about keeping up to date.

 

Edited June 20, 2018 by ggt667
Updated beeep word

[Josh Ormond]

I will venture to say that the engineering team is much smaller than you think it is. Plus, as they have stated, their focus right now is on the DataAPI.