At Seiden Group, we listen to client requests that keep their IBM i applications secure, modern, and practical.
Recently, a customer asked us to port the GnuPG (GNUPG) PHP extension to IBM i. This extension is now available to Seiden Support subscribers.
Each year brings a new PHP release. We’re prepared Seiden PHP+ so that IBM i users can adopt PHP 8.5 shortly after it becomes generally available (GA) around November 20, 2025. As I mentioned in Keep Your PHP Secure: Why Regular Updates Matter, PHP users should adopt a regular upgrade schedule to make upgrades easier.
Two updates stand out to me:
Cybersecurity best practices require regular security assessments, including for PHP.
PHP is actively maintained, with a new update released every month. Each release includes bug fixes, performance improvements, and, most important, security patches for newly discovered vulnerabilities. Staying on an old version for too long leaves your applications exposed to risks that the PHP community has already fixed.
The Node.js ecosystem has been disrupted by self-replicating malware called Shai-Hulud.
In September 2025, researchers found that Shai-Hulud had infected more than 500 npm packages, including some from trusted maintainers. The worm did not just publish a few bad versions. It spread automatically, using stolen credentials to infect other packages owned by the same developer.
At Brussels Airport recently, I noticed airline staff working from paper passenger lists because their digital systems were unavailable. The EU Cybersecurity Agency (ENISA) later confirmed the disruption was caused by a ransomware attack on a third-party airline system (Reuters report).
IBM i Access Client Solutions (ACS) is a critical tool for essential features such as 5250 emulation, SQL, Db2 performance, and open source package management. Every update is packed with functionality improvements, bug fixes, and security updates.
Carol Woodbury
I had the privilege of hosting security expert Carol Woodbury as she led a roundtable discussion at this past summer’s OCEAN TechCon. Carol is IBM i Security SME and Senior Advisor with our friends at Kisco Systems.
Although there are many reasons—including performance—to update to newer PHP releases, the number one reason is to avoid losing security updates.
Each version of PHP (7.4, 8.0, 8.1, 8.2, 8.3, etc.) has three years of support before it is considered end of life. For two years, it gets bug fixes and all security fixes. In the third year, it gets only critical security fixes. After that, nothing!
If you have encrypted your website, API, Telnet server, or other service with TLS (SSL), good for you!
Now, do you know when those certificates will expire? If they expire without renewal, your service could become unavailable without warning.
In the past, to find expiration dates for digital certificates on IBM i, you’d either have to look in the Digital Certificate Manager (DCM), call the Retrieve Certificate Information (QYCURTVCI, QycuRetrieveCertificateInfo) API, or keep extremely good notes!
CERTIFICATE_INFO, an IBM i service recently delivered by IBM, solves all this. This SQL table function, documented here, returns a result table that contains information about server or Certificate Authority (CA) certificates, including their expiration date.
Here’s how to use CERTIFICATE_INFO to find expiring certificates.
A client asked about a vulnerability found in libwebp, which is used by PHP’s image-handling gd extension.
My first step was to find a reputable source for details. According to this trusted article about the vulnerability, the issue affected only libwebp versions 1.3.1 and earlier. I checked our own system and found we had a patched version from IBM, so we were safe. The client was, too.
Here is the procedure you can use for checking the version of this or any other open source package on IBM i. Read more →