Hi guys.

We are running a server with the latest centos which come with php 5.3. The app that is running needs php 5.2.

This box have access from internet, so I was wondering how insecure could be to have php 5.2. Could this be a big security issue?

I was doing some test and it is really difficult to do this workaround and find a repo. seems like atomicorp used to have them, but not any more.

I was reading a little bit and it seems this version is really old and without support.

if you MUST downgrade php

first uninstall it using yum or rpm
there might be a TON of dependencies , so use caution

then copy the centos.repo for 6.4 and turn it into a 6.3 pointing to "the Vault"
baseurl=http://vault.centos.org/6.3

( CentOS moves the unsupported os's to the vault )
but there is a "README" placeholder
-- to quote it --
install php from the 6.3 repo from the vault

add an exclude to the /etc/yum.conf so it will not reinstall php
this WILL cause a bunch of "Warnings" to pop up in yum and in the logs
so be warned
you will see a lot of warnings

If you want to downgrade php, follow above post but if you want to use multiple versions of php simultaneously.
http://www.howtoforge.com/how-to-use...g-3-centos-6.3
http://linuxplayer.org/2011/05/intal...-on-one-server
or you can use
phpbrew
for using multiple php versions simultaneously.

Maybe...have you checked the PHP change logs?
Right..which is why it was upgraded.

I'll also add that you are going down a bad path doing this. You should NEVER, EVER, in my opinion, downgrade services to accommodate old software. All you are doing is making it more difficult to maintain that server, introducing security holes and instability, and letting your programmer off the hook. They should be upgrading their software to make it use current systems. I also find it VERY difficult to believe that something that runs on PHP 5.2 will not run on PHP 5.3...what, exactly, breaks, and how?? How do you KNOW it 'needs 5.2'?? Anything from the error logs?

thanks guys.

the zend optimizer only runs on php 5.2. there is zendGuard for php 5.3. but applications that were encoded for zend optimer cannot run on zend guard (php 5.3)

The "developers" has a new version of the application but it cost a lot of money and the company have to approve it first. we are working on that.

and what about running centos 5.8 or 5.9 and the upgrade to php 5.2? is this a bad idea as well?. thise version dont receive any security updates nor patches, right?

ANY time you're using old software/OS, you are inviting trouble. CentOS is freely updated and available, and I believe the 5.9 version is still receiving updates/patches. But, it's still old and will be out of date soon...and you're still having the issue of the old PHP.