Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass PHP Version - End of Life

  • 1.  Clearpass PHP Version - End of Life

    Posted Nov 27, 2023 02:13 PM

    I've searched the forums, Google, opened a TAC case and emailed our account team, and no one has been able to provide an answer our security team will accept.

    We have an ongoing scan result that is showing Clearpass running PHP v7.x, which is tagged as EOL. TAC has confirmed the versions of PHP running in clearpass as 7.x (where x depends on the branch). The PHP website is showing PHP v7.4 going end of life in November 2022. Anyone have any information on when or if Aruba is going to release any branch of Clearpass with a supported version of PHP?

    This is an ongoing unresolved internal ticket, and I was surprised my searching didn't bring up anyone else asking about it, which makes me think I've (hopefully) missed something. 

    Thanks



  • 2.  RE: Clearpass PHP Version - End of Life

    Posted Dec 01, 2023 03:41 PM

    I just got an alert from my security team today, Dec 1, asking about the same thing.  I'll open a TAC case too.




  • 3.  RE: Clearpass PHP Version - End of Life

    Posted Dec 01, 2023 04:12 PM

    Hi

    What ClearPass are you running?

    It sounds very strange if ClearPass 6.11 would have an End of Life version of PHP as this version was released this time of year in 2022.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 4.  RE: Clearpass PHP Version - End of Life

    Posted Dec 01, 2023 06:18 PM

    I opened a ticket with support and they replied

    As of now, we support For Clearpass v6.10.1 having PHP v7.3.28. Clearpass v6.10.7 has PHP v7.3.33. And for Clearpass v6.11.3 found with PHP version is 7.4.33.

    Our sales engineer confirmed with this message

    "Currently we are still using PHP version 7, which has been noted to be "end of life".  That limitation is then not impacting customers however as we have been working with extended support of the language by one of the maintainers that releases the security only fixes regularly under his own project name to provide these security fixes.  The timeline of this will be sufficient to cover existing customers and not force them to upgrade to PHP 8 in the 6.11 release.  We are otherwise in process of migrating to PHPv8, however due to the large number of incompatibilities with previous versions of the language we opted to not force customers to undergo that change with the 6.11 reinstall.  This then also provides us the chance to auto-convert some of the issues that customers would otherwise be forced to undergo themselves such that when we release PHPv8 in a future SSR version that it allows customers the opportunity to minimize their additional work."

    I understand that it's a big lift to upgrade to a new release of PHP, but it would be nice to have some sort of roadmap or projected release date for the exception to the remediation. I was hoping someone here may have heard something more than what I have. 




  • 5.  RE: Clearpass PHP Version - End of Life

    Posted 14 hours ago

    Update 6/18/24 - CVE-2024-4577

    For those running Clearpass in Windows, this is a critical vulnerability related to PHP and CGI. There is no mention I can find of this CVE in the Aruba Security Advisories.

    The release notes for Clearpass Cumulative Patch 2 for 6.12.0, 6.12.1 (released 05/21/24) show

    It is going to suck to have to migrate to another NAC if there isn't a fix in the very near future for this.