[CentOS] php 5.6 on CentOS 6

Jonathan Billings

billings at negate.org
Sun Jun 21 22:58:56 UTC 2020



> On Jun 21, 2020, at 16:38, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> This my reply is not intended for the OP, as he stated he will not listen about End Of Life of of PHP 5. Just in case anybody comes across this thread, please read what is written on the page referred to by Alexander Dalloz:
> 
> >> PHP 5.6 is EOL. https://www.php.net/supported-versions.php

If you are using the packages PHP packages in CentOS and keep your OS up to date, you can disregard this. 

> This in plain English language says that php 5 is not supported by vendor since Jan 1 2019, i.e. almost a year a a half now. This means that PHP development team does not release security patches, and even though RedHat "backports" patches to older versions, difference in internals between PHP version 5 and version 7 is quite significant, so you should not assume that even if RedHat team still backports security patches for issues discovered in version 7, you are safe: there may be still be issues in version 5 which by no means are discovered by anyone.
> 
> This boils down to one thing. If you still have anything using PHP version 5.[any] you should migrate this to PHP version at least 7.2. You ideally should have done that before Jan. 1, 2019.
> I hope, this helps somebody.
> 
> By no means I meant to question the brilliant job RedHat does backporting (taking my hat off and bowing to RedHat here). However, as I said, there may be bugs in PHP 5 that will not be relevant to PHP 7, hence there is nothing to backport to fix them.

I realize you are out of touch with how CentOS packages (and RHEL packages they’re built from) are handled, since you’ve decided to stop using it and move to FreeBSD, but this is how Red Hat backports fixes to php and other enterprise software: 

https://access.redhat.com/security/updates/backporting

So if someone is coming across this thread, know that if you are using the supported PHP packages in CentOS’s repositories, security fixes are backported, and if security issues are identified in the version in RHEL, they’ll issues fixes during the lifetime of the release.  So, in CentOS 7, expect the php 5 packages to be supported for a couple more years, despite all the gnashing off teeth of the PHP upstream developers.

If you plan on starting a new project, definitely start with php 7.  But if you have concerns about an existing 5.x codebase, as long as you are keeping your OS up to date, you have some time to migrate.

--
Jonathan Billings


More information about the CentOS mailing list