I was recently asked about a legacy application that is running on PHP 4.4.2 on IIS 6.0. We were informed that this version of PHP is out of date and contains security vulnerabilities
I personally, have zero experience with PHP.
It has been suggested that we upgrade PHP to a later version. According to Wikipedia, the latest stable version is 5.4. Is version 5.4 backward compatible with 4.4.2?
I assume that there is an installer for PHP 5.4 that we could run that would install the new version of PHP. Would that work safely and the legacy application would still run fine?
Are there any breaking changes in newer versions of PHP that might make upgrading the legacy PHP application risky?
Look at this, check for any deprecated code (especially preg VS ereg ) -
http://www.php.net/manual/en/migration5.incompatible.php
Look for the general differences -
http://www.php.net/manual/en/faq.general.php#faq.general.differences-45
Check about the migration -
http://www.php.net/manual/en/faq.migration5.php
EDIT -
One more general link, may be helpful at times -
Check Change Logs
Related
Is Zend Framework 2 work with PHP version 5.3.2?. During the skeleton application installation i got following message.Is this just a warning or it will cause any problem in future?
D:\web\Apache24\htdocs\zendsample>composer create-project -n -sdev zendframework
/skeleton-application D:\web\Apache24\htdocs\zendsample
Your version of PHP, 5.3.22, is affected by CVE-2013-6420 and cannot safely perf
orm certificate validation, we strongly suggest you upgrade.
Installing zendframework/skeleton-application (2.4.11)
Make thinks short :
With PHP 5.3 you'll not able to use Traits and new features php 5.4 wich is used in most of vendor plugin and the framework itself.
Usually it's strongly recommanded to upgrade your PHP version.
From this link PHP version maintained PHP 5.3 is no longer maintained since 2014. It's antique. You'll be face to security issues and no evolution of your code will be possible.
To answer your question :
You'll not able to use traits
You'll faceing security issues
You'll not able to improve your code withe best practises (wich evolves permanently)
your views can't use short version for echoing stuff <?='toto'?>
All new features linked above are not supported with your version if it's used in the framework, you'll can't run the framework itself.
I recommend upgrade your version at least at 5.6 or 7 for a good longevity support
EDIT : 5.5 to 5.6 because 5.5 no longer supported.
After getting this message i just upgraded my php to 5.5.
I have a simple question why do we need to upgrade PHP version on a live server? Is there any good reason to do so? I'm confused; we're using PHP 5.3 and our CEO doesn't want to update to PHP 5.5 which is recommended in Laravel 5. Can somebody give me reason why we should or we shouldn't do it?
Further to some of the comments on your question:
Do we need to upgrade PHP
The answer to this part of the question is "No". In some cases it might not be possible to upgrade as newer version can cause applications to break if they rely on older features.
Do we need to upgrade PHP for Laravel 5
The answer to this part is "Yes". You will have to upgrade for Laravel 5 as it relies on newer features of PHP that only exist from PHP 5.4 (Laravel 5) and 5.5.9 (Laravel 5.1).
Should we upgrade PHP
You didn't ask this question, but I put it in here because Yes, you should. Versions of PHP have a lifetime. They are supported in full for bugs for a while, and then they are supported for security flaws for slightly longer. However, after a while, versions of PHP will no longer receive any support. Security holes might be found in older version that will never be patched. You should keep your version of PHP up to date in order to remain safe from PHP vulnerabilities that may have been discovered.
As always, the PHP website contains all the information about the currently supported versions of PHP: http://php.net/supported-versions.php
We have a requirement for upgrading the PHP version (5.3.25) to current stable version which is 5.6.17. So, for this we need to find which approach would be best.
Step by step approach, in which we can upgrade from 5.3.X to 5.4.X, 5.4.X to 5.5.X and so on.
Direct upgrade, in this we will directly upgrade from 5.3.X to 5.6.X.
Apart from the upgrade, what all things we should keep in mind while doing this.
It would be good, if any of you have any documents which we can refer to.
PHP maintainers upload list of incompatible changes of every release. Here are the documents you may want to read:
5.4 incompatible changes
5.5 incompatible changes
5.6 incompatible changes
If you have regression tests, you're the lucky man; if you don't, i strongly recommend test every change in virtual environment before real environment update on main server. If you're brave enough, you can try to setup vagrant - this will allow developers to easily share their environment and to reproduce server state as it should be after upgrade to 5.6.
I also wouldn't recommend partial upgrades, i think it's better to target for 5.6 at the first (and only) migration step.
On my experience, we upgraded our PHP version from 5.3.28 to 5.6.6 directly because of server upgrades, and one more reason is you can easily check all your modules faster if there's an error rather than checking it on every version.
What you should keep in mind:
deprecated functions
if you're using PHP frameworks (CodeIgniter, Laravel, etc.), consider upgrading them too
current code implementations
I read this article recently on Ars: http://arstechnica.com/security/2014/03/php-bug-allowing-site-hijacking-still-menaces-internet-22-months-on/
I have some very old PHP servers still running some legacy code. They use PHP version 5.2.17
The article above states that PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.
The fact that they mention 5.3.x and 5.4.x, it makes me think that 5.2.x is NOT vulnerable - is this correct?
Thank you to anyone who can confirm and provide a reputable source for this.
PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.
5.2.17 is very much prior to both of those. If you look on http://www.php.net/ChangeLog-5.php#5.4.3, bug #61910 was fixed only in the 5.3 and 5.4 branch.
Having said that, the wording may be ambiguous. PHP 5.2 may be left out because it was not supported anymore. Or it may have been left out because the vulnerability only existed in 5.3+. I can't find definitive proof one way or the other.
What are the differences between PHP 5.2.x and 5.3.x?
Because all extensions are made separately for these.
Thanks a lot.
PHP 5.3 is a newer version with a number of new features (closures, namespaces, etc.). Is is the current stable version for the PHP project. PHP 5.2 is an older version, which is now heading towards the end of its support cycle - now only important security issues are being fixed. If you start a new project, start it with PHP 5.3.
When changes in PHP core are made that change the structure enough that extensions can no longer be compatible - the second digit in the version number is incremented (5.0, 5.1, 5.2, 5.3). The first digit is for very major changes changing the whole language (like between PHP 4 and 5). Between 5.2 and 5.3, you can expect source code compatibility (though some incompatibilities exist) but not binary module compatibility.
You can find an exhaustive list of backwards incompatible changes from 5.2 to 5.3 on PHP.net.
PHP extensions depends on the phpapi version among other things, along with the Zend Module API version and the Zend Extension API version, which as far as I'm aware, changes at each PHP version because of the core changes made to the language. This explains why each PHP version has a new build for each extension.
You can find the answer in PHP official website.
In this page: Migrating from PHP 5.2.x to PHP 5.3.x.