Crunching Some Numbers on PHP Support

Joao Correia

April 19, 2024 - Technical Evangelist

PHP Extended Lifecycle Support (ELS) allows you to continue using older versions of PHP while still receiving security updates for the language, without introducing breaking changes to your application.

The first and obvious question might be, “Why would I want to do that instead of simply updating PHP?” Assuming your organization can upgrade your existing application codebase to a more recent language version, while ensuring no bugs are introduced, and thoroughly testing every scenario, there’s still the issue of also needing to migrate dependencies.

 

Dependencies Are Just Someone Else’s Problem

 

…is not the correct mindset. Dependencies become your problem the moment they are added to your codebase. A problem in a dependency can break your application or make it vulnerable to security issues, regardless of the quality and security of your own code.

But don’t just take our word for it. Here are some statistics to highlight the issue.

The Packagist Archive project (https://github.com/bettergistco/PackagistArchive) “contains virtually every active package and thousands of inactive packages published to Packagist,” the primary repository for PHP packages in the industry.

The statistics it provides include a table of package counts by maximum reported version number:

 

 version | count
---------+--------
     5.0 |   1038
     5.1 |   1388
     5.2 |   3205
     5.3 |  34318
     5.4 |  58898
     5.5 |  76834
     5.6 |  96168
     7.0 | 121782
     7.1 | 149362
     7.2 | 171130
     7.3 | 183333
     7.4 | 206935
     8.0 | 195895
     8.1 | 216676
     8.2 | 215960
     8.3 | 215519

 

We observe that a staggering number of packages support only PHP version 5.6, with over 96,000 packages claiming that as the supported version. This means approximately 1 in 20 packages out of all available PHP packages may not be upgradeable to a more recent version of PHP without additional effort to ensure compatibility.

If 1 in 20 seems manageable, consider that the average project has dozens of dependencies, from simple helpers to complex frameworks.

 

But Surely Every Package Maintainer Will Update Their Packages

 

…or not. Over 29,000 packages are marked “dead,” meaning they are no longer actively supported. However, that doesn’t stop developers from using them, even years after they were last updated. Introducing these to a new version of PHP, which they were never designed for, is a sure way to break their functionality, especially given PHP’s tendency to introduce breaking changes with every version upgrade.

 

Upgrading PHP: The Right Choice, But Not Always Feasible

 

Upgrading to a more recent version of PHP is the ideal scenario. However, real-world situations, such as unsupported dependencies, the effort required, the costs associated with such an endeavor, and the lack of any immediate and tangible benefits to the application beyond “working just as it did before,” make the upgrade less appealing.

Most organizations will then seek alternatives: a way to get the security of PHP updates without the associated breakage. This is where PHP ELS can help.

Publisher: TuxCare
