Supported PHP version - 7.4 is unsupported
-
@Deeksha-Rana Two topics: Firstly, PHP 7.4 is unsupported by the PHP foundation, and may have security vulnerabilities that are not patched. That is my concern.
Additionally, I understand that QloAps is basically a fork of PrestaShop. It's easy to see the PrestaShop details within your code. My concern is the same. It's a very old fork. My question is still valid. Are you back porting security updates from Prestashop that impact the core code that is still part of your product?
-
Hi @gregk,
We understand your concern and the QloApps team is continuously working to address any vulnerability issue that may arise.
QloApps was built on prestashop in the beginning and now these two software work completely independently. QloApps has no relation with the prestashop at present.
We do not utilize Prestashop updates for QloApps. Instead, we are independently and continuously enhancing QloApps.
As we mentioned previously, QloApps will be made compatible with the latest version of PHP in the next major release version of QloApps.
We will surely inform you once the next major version of QloApps is released.
Till then we suggest you use PHP 7.4 as QloApps is fully compatible and supports PHP version 7.4.
-
@Deeksha-Rana
I am a user of QloApps and have some questions that I hope you can answer.Currently, I see two sources for QloApps:
https://github.com/sumitwebkul/hotelcommerce
and
https://github.com/Qloapps/QloAppsSo I am not sure which one is the official and most stable source to use.
and when will the next version be released ?
-
Hi @kessaku,
Please use this repository of QloApps: https://github.com/Qloapps/QloApps
This is the only official and stable source of QloApps.The other source that you have mentioned (https://github.com/sumitwebkul/hotelcommerce ) is the repository of one of our contributors to QloApps. There can be multiple such repositories of our contributors.
Also, the next version of QloApps will be released soon and we will announce the same in the forum once it is released for use.
-
I go back to my original question. PHP 7.4 is unsupported by the PHP foundation. If we look at known exploits, there are problems that are not patched.
Using the latest version of PHP 7.4.x, we see that there is one known public exploit that has a public exploit that is known to have been exploited and used for ransomware.
Will your next release move to a current supported PHP version to allow a safe environment?
-
@Deeksha-Rana
Can you tell me an estimated time frame for the release of the new version? Thanks -
Hi @kessaku,
We can't commit to an estimated release date for the upcoming version.
The new version will be released soon and we will announce on the forum once the latest version is released.
-
@Deeksha-Rana I have had a look in your GitHub repo, and see no attempts to commence work related to compatibility with secure versions of PHP. While you cannot provide an ETA on the available date, is there actually any intent to start work? For anyone serious about cyber security, it is poor form to run on PHP7.4 which is unsupported and has known vulnerabilities.
Before implementing with your platform, I am seeking some reassurance that you have a commitment to cyber security to run with supported application stacks, and your failure to release patches to deal with PHP 7.4 vulnerabilities is concerning.
-
We have informed you that currently, QloApps is fully compatible with PHP 7.4
We will soon begin the process of making QloApps compatible with PHP 8 latest version. This transition is expected to take approximately 3 to 4 months.
In the meantime, you can continue to use QloApps with PHP 7.4.
Regarding PHP 7.4 vulnerabilities,
We are always concerned about any vulnerability in QloApps and we are continuously resolving these in every version release.
Also, we always welcome any contribution from our users to raise the vulnerabilities found by then. So that we can resolve them in QloApps and make this software better together, -
The problem is, Sumit, PHP 7.x is end of life and unsupported - No-one will patch vulnerabilities in that version - Thats why it is critical to get to 8.x as soon as possible. https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-1791763/PHP-PHP-7.4.33.html
-
Hi @gregk,
We understand the importance and urgency of upgrading the PHP Version of QloApps.
I would like to inform you that the upgrade is definitely in our roadmap and we are planning to switch the QloApps PHP version to 8.x soon.
We can not provide you with any tentative release date for the same but we will surely inform you once the upgraded QloApps will be released.
-
Seeing that PHP version 7.4 is unsupported prompts users to consider the importance of keeping software updated. It highlights the need for awareness about security vulnerabilities and performance improvements, encouraging developers to adopt newer versions for better functionality and to ensure compatibility with modern applications.