php_mysql_apache [Electronic resources] نسخه متنی

Staying in the Loop

You should already have bookmarked the Web sites for Apache, PHP, and MySQL. It doesn't matter if you've been using these technologies for one day or six yearsthere will always be a need to refer back to the sites. The primary reason for visiting the Web sites is to obtain updates for your installed software. Of course, you could always subscribe to an announcements-only mailing list:

• For MySQL announcements, go to http://lists.mysql.com/ and subscribe to the MySQL Announcements list.

• For Apache announcements, go to http://www.apache.org/foundation/mailinglistsl and subscribe to the Apache News and Announcements list.

• For PHP announcements, go to http://www.php.net/mailing-lists.php and subscribe to the Announcements list.

When to Upgrade

As indicated in the installation chapters, minor version changes occur whenever the developers find it necessary to do sonot on any particular schedule. But just because a minor version change has occurred, that doesn't necessarily mean you should run right out and upgrade your software. Sometimes, however, it does indeed mean this.

The primary instance in which you should immediately upgrade your software is when a security fix is announced. Usually, security issues are not discovered until they are exploitedsometimes in a testing environment but sometimes by a rogue user who just wants to cause trouble for the world. Once a security issue is verified, you can bet that it becomes the top priority for developers to fix, and very quickly you will see an announcement of an upgrade. When that occurs, you should follow suit and upgrade immediatelyeven if you don't use the particular element that is the cause of the security issue. A hole is a holewhy leave it uncovered?

Here is an example of the Apache changelog, documenting a change that occurred between version 2.0.46 and 2.0.47, that would be an indicator of a need to upgrade:

SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial of service when target
 host is IPv6 but proxy server can't create IPv6 socket. Fixed by the reporter.

A good rule of thumb would be that if the word

security appears anywhere in the changelog, you should upgrade.

However, if the release is simply a maintenance release, meaning that it contains bugfixes and general enhancements that occur through normal development, you probably don't need to drop everything and upgrade your software. Here are some examples of maintenance items, from the Apache and PHP changelogs:

Add support for "streamy" PROPFIND responses. (from Apache changelog)
Fixed bug 21958 (workaround for unusual realpath() on AIX & Tru64). (from PHP changelog)

If nothing in the list of changes is relevant to you, your work, or your environment, you could probably put off the upgrade until scheduled downtime or a rainy day. For example, if all the bugs fixed in a maintenance release of PHP have to do with an AIX or Tru64 platform and you run Linux on Intel architecture, you can put the task aside.

Even if you don't immediately upgrade your software, it's a good idea to stay at least within one or two minor versions of the current production version of the software. Anything past that and it becomes more likely that new features would be added or bugs fixed which are indeed relevant to your work or your environment.