While doing our quarterly PCI compliance network scan, there are many “high” vulnerabilities it picked up on our FreePBX Distro server, Apache 2.4.6 and PHP 5.6 are the two things it’s most unhappy about. We use one commercial module, so we are required to run the FreePBX Distro. We have multiple remote locations, so we must have web access to the FreePBX server for our digium phones to get firmware updates, etc.
With that state of affairs of cyber attacks, having these very old version of Apache and PHP running are getting more and more scary. Is there a way we can safely upgrade our Apache to something much more current on the FreePBX Distro? I know PHP 7 support was added in FreePBX 16, but we haven’t upgraded to 16 yet, so that may present it’s own series of issues.
Also on a related note, is there any time frame when a new FreePBX distro based on an updated OS will be released? Or if/when commercial modules will ever be supported on something other than the distro?(i.e. debian)
2 posts - 2 participants