thePHP.cc Logo Deutsch Contact
PHP 7: Security Support Ends. Now what?

PHP 7: Security Support Ends. Now what?

Security support by the PHP project for PHP 7.4, the final release series of PHP 7, ends today. What does this mean for you?

PHP 7.4 was released on November 28, 2019. Active support for this version ended on November, 28 2021. Since then, only critical security issues for PHP 7.4 have been fixed and new versions have only been released as needed.

PHP 7.4: End of Security Support

I explained the terms "active support" and "security support" in an article in 2016, when active support for PHP 5.6 ended.

What this means for you

If you are still using PHP 7.4 (or older), then you are using a version of PHP that has already reached its end-of-life and is no longer supported by the PHP project.

If you are currently using PHP 8.0, then you are using a version of PHP that will reach its end-of-life a year from now. Active support for this version ended two days ago. The PHP project will continue to fix critical security issues for PHP 8.0 until November 26, 2023. However, bugs that are not security-relevant will no longer be fixed for this version.

The outdated version of PHP you are using may still be maintained by the vendor of your operating system. However, this maintenance is usually limited to critical security fixes and does not include backporting of regular bug fixes. You will also miss out on a lot of improvements that have been implemented in PHP.

What you should do

It is high time to plan an upgrade of your PHP stack to PHP 8. This should be a short-term goal for you.

Upgrading the version of PHP you use should not be a rare event that you dread. You must not think of upgrading your PHP stack as a "special project". You need to make upgrading the PHP version you use part of your normal workflow and align the upgrade cycle of your PHP stack with the release cycle of the PHP project. This should be a long-term goal for you.

Frameworks, Libraries, and Tools

While PHP itself is the most important part of your PHP stack, it is not the only part of it. You should also ensure that you are actively using supported versions of your framework and the libraries and tools you use.

Sooner or later, new versions of frameworks, libraries and tools will no longer support PHP 7. Here is a list of popular projects for which I could find information on PHP 7 support:

Of course, the release of a new version such as PHPUnit 10 does not mean that PHPUnit 9.5 will no longer work. Old versions like PHPUnit 9.5 may even still get bug fixes, but new versions with new features require a new version of PHP.

We can help you

Existing systems age primarily because technology evolves. In the long term, the secure and smooth operation of software is only possible on up-to-date systems. We can support you in planning and implementing the migration of your software to PHP 8.