Last night NGINX issued a security advisory for versions 0.5.6 – 1.13.2 regarding an integer overflow issue in the built-in range filter module. This issue could potentially allow denial of service or disclosure of worker process memory if abused. Our NGINX build has been patched to fix this issue. The patched version is nginx/1.13.2. We will be deploying this new version across all nodes today.

*) Security: a specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak (CVE-2017-7529).

In other news, we’ve started to add (BETA) support for PHP 5.6 in the hypernode-vagrant development environment because we are preparing to start supporting PHP 5.6 on production Hypernodes some time soon.

We are using the hypernode-vagrant in our continuous integration to build and test the PHP modules that we use on top of the default PHP installation. This means that the Vagrant currently only contains our compiled base PHP 5.6 packages and not all modules required to optimally run Magento out of the box yet.

If you want to play around with this PHP 5.6 in the hypernode-vagrant already you can check out the latest master, remove your local.yml, run vagrant up and follow the prompt again. You can now enter ‘5.6’ as a PHP version option.

If you run Xenial box version 4219 or up you can switch to a different PHP version on the fly without spawning a new box by using the hypernode-switch-php tool as root.

For information about how to use the Vagrant, check out this article.