Hey Tommie, You're right that it appears our docs don't have an explicit page dealing with this question. Perhaps we could write one, and I'll see about getting this request tracked, although I can't guarantee it will occur.
At any rate, the latest update is 5.6.30 <http://www.php.net/ChangeLog-5.php>, which means that even 5.5.38 is many CVE's behind the "state of the art". In order to use a latest-version PHP server, you'll have to administer your own PHP server on Compute Engine <https://cloud.google.com/compute/> or deploy a Custom Runtime <https://cloud.google.com/appengine/docs/flexible/custom-runtimes/build> app on the App Engine Flexible Environment <https://cloud.google.com/appengine/docs/flexible/>. I'll let you know if I have any more useful information to share about the process of selecting the PHP version used in the App Engine production environment. Cheers, Nick Cloud Platform Community Support On Friday, February 24, 2017 at 9:13:24 AM UTC-5, Tommie wrote: > > Official docs says PHP is on version 5.5.34. Most recent security update > is 5.5.38. > > On Friday, February 24, 2017 at 3:11:15 PM UTC+1, Tommie wrote: >> >> Hi, >> >> Does anyone know where to find vulnerability patching strategies and/or >> official documentation on how google keeps its PHP version patched from new >> CVEs? I'm investigating GAE for a project and i'm finding very little >> documentation around this. >> >> Thanks! >> > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/90909df3-ce2a-4000-ba23-05daa52838ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
