Synology: SRM 1.3.1 Outdated PHP Version

Synology SRM 1.3.1 Outdated PHP Version

As per my promise to you, I have kept testing the new Synology Router, the RT6600ax. My tests have been looking to cover the product from every angle possible. Today, June 26, 2022, while I was testing my RT6600ax after installing the latest version of SRM, version 1.3.1-9316, I became aware of something that puzzled me. I activated the SSH function on my SRM and then went to look at some data. The first thing that I thought to check was the PHP version the operating system of the Synology router is using right now, which is how I found out that the latest SRM version (1.3.1-9316) is currently running PHP version 5.5.25 as its core version. My first thought was that this was an oversight on my part, but it wasn’t. Security and overall support for PHP 5.5 has reached end-of-life about 6 years ago. To be precise, 5 years and 11 months ago. This can be a problem, SRM 1.3.1-9316 running the outdated PHP version 5.5.25 released on May 14, 2015.

Synology SRM PHP version

To be clear, right now I do not know to what extent this can become an issue and potentially affect SRM. This being said, running an outdated PHP version is no something good. I have already contacted the Synology Security team and awaiting a response. Once I learn more from the Security Team, I will update this article with the relevant information.

UPDATE JUNE 27, 2022

Today, June 27, 2022, I received the reply from the Synology Security team informing me: “We’ve noticed this issue and will update the version in the future SRM“.

UPDATE JULY 21, 2022

New SRM 1.3.1-9346 RC is available. Unfortunately the new 1.3.1-9346 RC maintains the outdated PHP 5.5.25 version.

Note: If you are curious about the Linux kernel version of SRM 1.3.1, know that it’s Linux Kernel 4.4.60 from April 8, 2017.

This post was updated on Thursday / July 21st, 2022 at 4:45 PM