Update PHP?

Hello Developers,

Is it possible to update the PHP version that Pihole installs?

The reason I ask is because our Nessus vulnerability scanner vomits whenever it hits our PiHole server, citing multiple-multiple known vulnerabilities.

Granted, Nessus isn't doing anything especially sophisticated, it's merely probing for known vulnerabilities, versions used, etc., whether that function is exposed or not. However, in this day and age of everything connected to the Internet getting hacked (not to mention the potentially exploitive nature of a DNS server), it would probably be "a good thing" to help eliminate this threat be upgrading PHP.

Wouldn't sudo apt-get update && sudo apt-get upgrade do that for you?

My pihole runs PHP 7.0.27 released on 04 Jan 2018.

We try to aim for compatibility, so we choose a version of PHP which is most likely to be installable. It may be that a user decides to add a repository with a newer version of PHP, but we have to rely on the latest one in the default repositories. PHP is often kept in v5 and v7 packages, which are different from each other to prevent accidental upgrading from 5 to 7. You can install 7 and use it though, and if you find that a version PHP has updated to 7 on default repositories you can make a PR to update that (see the installer).

2 Likes

Thanks for replying and apologies for the long delay.

Both you and Slawa got me exploring, and I went ahead and updated to PHP 7.2. (I'm on CentOS 7, which ships with PHP-5, so there are a few extra steps involved to get it up to 7). All's well so far, of course.

But quick question: does pihole need anything more than just PHP? Like php72-mcrypt or php72-xml?

(I'm also very glad to see that some future version of pihole will not rely on PHP at all! That day can't come soon enough!)

You will also need the sqlite extension for long term data.