(Last updated on: November 13, 2015)
Some Webtix customers are running on servers with patched older versions of PHP and Apache. Automated PCI scanners do not take “patching” into consideration for compliance issues. This results in refusal of PCI approval, unless their version numbers are re-configured to be hidden from server output. Online resources suggest having updated software and hiding specific brand/version info from output. Current stable release of PHP is 5.3.8 and gets security updates. Anything below PHP 5.3.8 does NOT get security updates, per the PHP Foundation. Any scan finding a lesser PHP number will result in a PCI refusal. Current stable release of Apache is 2.2.19 and gets security updates. Anything below Apache 2.2.19 does NOT get security updates, per the Apache Software Foundation. Any scan finding a lesser Apache number will result in a PCI refusal.