With the release of a new update to DSM 7.1 Beta, Synology has also released an update to the PHP package bringing it from version 7.4.18 to version 7.4.24 – PHP is an open source scripting language which aims to help web developers write dynamically generated web pages efficiently. This language is suitable for web development in that it can be easily embedded into HTML.
Although Synology has released the PHP 7.4.24 version, know that this version, and its previous ones, all have a security issue (CVE-2021-21708), and a Memory leak bug that has been fixed in the PHP 7.4.28 and PHP 8.1.3 versions. Today I proceeded to contact Synology via their official Security channel to report this. Right now, DSM 7.0.1 Update 2 is using PHP 7.3.3 (cli) (built: Dec 18 2020 10:30:19) (NTS). So not only is the PHP package affected, but so are DSM 7.0.1 and DSM 7.1 Beta that are using PHP to run. I will be updating this article as soon I get a reply from the Synology Security Team.
Did you know that the release of the automatic update on Synology NAS can take a few weeks or months to be available in all regions of the world? In this article I will teach you how to update your current PHP 7.4 to PHP 7.4.24 manually.
Once you have downloaded the PHP .spk file, go to Package Center / Manual Install then upload it. After that, click Next. Follow the instructions in the image below.
This post was updated on Monday / February 21st, 2022 at 2:06 AM