Topic: Outdated PHP version on SME Server

[calisun]

I am trying to install an application on SME server 9.1, but it will not run because PHP version on SME server is 5.3.3
I have contacted the developer and I got a response that:

PHP 5.3.3 is 6 years old.
PHP 5.3.3: http://php.net/releases/#5.3.3 (Released: 22 July 2010)
We are phasing out support for PHP 5.3.3 as it reached End of Life in 2014.

We recommend minimum PHP 5.3.21
PHP 5.3.21: http://php.net/releases/#5.3.21 (Released: 17 Jan 2013)
Please upgrade to a newer version of PHP as soon as possible. PHP 5.5, 5.6, or higher are recommended.

[stephdl]

On a sme9 64 bit you can install smeserver-php-scl and use php56 either for the whole server or per ibay

[calisun]

stephdl, thank you for the info. For a minute there I could not figure out how to install it until I found out that contrib name for smeserver-php-scl is actually called: PHP Software Collections. Got it installed and application is working fine.

I do have a question, would there be any disadvantage (security or performance) of having a whole server using newer version of PHP as opposed to only allowing ibay by ibay?

[guest22]

I am trying to install an application on SME server 9.1, but it will not run because PHP version on SME server is 5.3.3

Just for the record, SME Server 9.x follows upstream packages of Centos 6 which comes with PHP version 5.3.3. So the PHP version on SME Server is not outdated. Maybe you want to change the subject line AND add [Solved] please?

[calisun]

.... PHP version on SME Server is not outdated. ....

Just because that is what is in upstream packages, it does not mean that it is not outdated. Even according to the php.net developers, PHP 5.3.3 has reached End of Life in 2014

And also just for the record, CentOS 6 is also outdated and not available on the main page of centos.org any more. You have to go to page marked: 
"Older Versions, Legacy versions of CentOS are no longer supported. For historical purposes, CentOS keeps an archive of older versions. If you’re absolutely sure you need an older version then click here »" Granted, on that page it says "End of life 2020" for centos6, but that is for security and bug fixes only and it is not updated any more. And since it is not updated any more, all future security and bug fix releases of CentOS 6 will include PHP 5.3.3 (all the way until 2020)(unless PHP 5.3.3 is found to have security issue itself)

[stephdl]

Remi collet does the security updates....it is not me, i'm just the author of the integration. In fact when you use the php scl only for an ibay, you use a php cgi application, apache is not the handler of php. Theorically when apache is the handler it is more efficient and faster.....but i never noticed (or mesured) a such big difference.

It is a matter of choice...if all your php applications needs php56....go to use this php for the whole server.

For testing which php version you use you can play with phpinfo.

PS: if you think that the default options of php lack something, please shoot.

[Daniel B.]

Just because that is what is in upstream packages, it does not mean that it is not outdated. Even according to the php.net developers, PHP 5.3.3 has reached End of Life in 2014

Security updates are still provided by upstream (CentOS, which itself takes it from Red Hat), so, no, this version is not EOL, and will still be supported for a few more years.

And also just for the record, CentOS 6 is also outdated and not available on the main page of centos.org any more. You have to go to page marked: 
"Older Versions, Legacy versions of CentOS are no longer supported. For historical purposes, CentOS keeps an archive of older versions. If you’re absolutely sure you need an older version then click here »" Granted, on that page it says "End of life 2020" for centos6, but that is for security and bug fixes only and it is not updated any more. And since it is not updated any more, all future security and bug fix releases of CentOS 6 will include PHP 5.3.3 (all the way until 2020)(unless PHP 5.3.3 is found to have security issue itself)

So, you've found yourself that CentOS 6 is not outdated. That's the way enterprise distributions work, they are maintained for a very long time (10 years for RHEL and derivatives), so yes, packages seems a bit outdated, that's the price you have to pay for stability. But they are maintained. Note that newer hardware support is very regularly backported, so even today, RHEL6 can be installed on almost anything.