I'm trying to get PCI Compliance for my dedicated server (Red Hat Enterprise Linux), which is running Magento. When I first installed Magento on the server, I realized that RHEL comes with a PHP version which is too old for Magento (5.1.6). So, I found a separate repo with PHP version 5.2.11, which got everything running fine, but now I'm in a bind. My PCI Compliance test says that since my PHP version is < 5.3.1 it has security issues. If I try to update to 5.3.1, Magento breaks. I don't want to edit the Magento core to fix those problems, so I guess what I need is a repo with PHP 5.2.11, but one that I can confidently say/prove has been back-ported to patch up the issues that the PCI Compliance scan identifies.
I realize this is terribly convoluted, but if you have any suggestions/tips I'd be happy to hear them.
Thanks.