I've searched the forums, Google, opened a TAC case and emailed our account team, and no one has been able to provide an answer our security team will accept. We have an ongoing scan result that is showing ClearPass running PHP v7.x, which is tagged as EOL. TAC has confirmed the versions of PHP running in ClearPass as 7.x (where x depends on the branch). The PHP website is showing PHP v7.4 going end of life in November 2022. Anyone have any information on when or if Aruba is going to release any branch of ClearPass with a supported version of PHP?
This is an ongoing unresolved internal ticket, and I was surprised my searching didn't bring up anyone else asking about it, which makes me think I've (hopefully) missed something.
I just got an alert from my security team today, Dec 1, asking about the same thing. I'll open a TAC case too.
What ClearPass are you running?
It sounds very strange if ClearPass 6.11 would have an End of Life version of PHP as this version was released this time of year in 2022.
I opened a ticket with support and they replied:
"As of now, we support For Clearpass v6.10.1 having PHP v7.3.28. Clearpass v6.10.7 has PHP v7.3.33. And for Clearpass v6.11.3 found with PHP version is 7.4.33."
Our sales engineer confirmed with this message:
"Currently we are still using PHP version 7, which has been noted to be 'end of life'. That limitation is then not impacting customers however as we have been working with extended support of the language by one of the maintainers that releases the security only fixes regularly under his own project name to provide these security fixes. The timeline of this will be sufficient to cover existing customers and not force them to upgrade to PHP 8 in the 6.11 release. We are otherwise in process of migrating to PHPv8, however due to the large number of incompatibilities with previous versions of the language we opted to not force customers to undergo that change with the 6.11 reinstall. This then also provides us the chance to auto-convert some of the issues that customers would otherwise be forced to undergo themselves such that when we release PHPv8 in a future SSR version that it allows customers the opportunity to minimize their additional work."
I understand that it's a big lift to upgrade to a new release of PHP, but it would be nice to have some sort of roadmap or projected release date for the exception to the remediation. I was hoping someone here may have heard something more than what I have.