End of php life

I have php 5.3, 5.4, 5.5 installed, default is 5.4, and I can switch to 5.3/5.5 by Apache handler in htaccess.
I know 5.3 is dead, but does “End of Life” mean, just “existence” of 5.3 on server would be a security issue? or as long as I don’t use any 5.3 script and I don’t switch to 5.3 via htaccess, I’d be fine? or just “existence” of it makes my server vulnerable?

End Of Life means just that.

  • no bug fixes
  • no security patches
  • NO support of any kind

IMHO it usually makes sense to go with the most recent stable, but others prefer more cutting-edge

In any case, if you have tested your code in a dev environment using a recent PHP version and all of your tests passed, then I see little (note, I did not say any) problems with you moving it live

Actually I meant to ask existence of an end of life version on server is a security hole for server?

More appropriately,
Why don’t you want to upgrade?

I will upgrade indeed, but usually I have several versions installed on parallel e.g. 5.3, 5.4, 5.5, 5.6, so I wanted to know removing end of life version from server is a must?

A “must” ?
Not AFAIK as long as you are willing to accept all that is implied with running a DEAD version.

No one can force you, but you should do it. They are no longer providing security patches for it, so the longer you leave it out there, the better chance someone will use a known vulnerability against that version on your server.

2 Likes

http://php.net/supported-versions.php

According to that 5.4 will be a dead version in September so you should really be migrating all code to be compatible with version 5.5 and once the first “production” release of PHP version 7 comes out you should start to revisit your codebase and evaluate what will break with version 7 and what code you use is deprecated in version 7

2 Likes

Most excellent advice.

Pay attention to DEPRECATED
Forewarned is fair

2 Likes

Deprecated functions happened in my code often, once ereg_* was deprecated in my code, I don’t recall ereg_* are deprecated as of which version.

5.3.0
http://php.net/manual/en/function.ereg-replace.php

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.