PHP long-term security and support

 

PHP 5.6 community support ends December 31, 2018. Ensure your applications are supported and secure.

We provide complete long-term support (LTS) and ongoing maintenance for the Zend certified PHP runtime environment which is distributed as part of Zend Server. Support for each major PHP runtime version is provided for at least five years from initial release, extending the two-year support and three-year security period provided for the open source PHP releases. Our support is backed by a commercial SLA and includes phone and web-based support.

Community maintenance for PHP 5.6 will come to an end on December 31, 2018, marking the end of life for this version. As part of our extended support offering, Zend provides commercial support and security fixes for PHP 5.6 until the end of 2020 at minimum and for PHP 7.1 until the end of 2021.

 

Get your support quote

 

 

php long term support chart

 

When you’re ready to transition to the latest PHP version, either your existing applications or new functionality, we can assist with migration services, methodologies, and guidance, allowing you to effectively modernize and migrate your applications to the latest, most secure, and best performing version of PHP.

Long-term security and support gives you the flexibility to continue running your business-critical production applications safely while providing you the freedom to upgrade your environment when it suits your business. 

Long-term support policy

Zend Server releases typically support multiple PHP runtime versions. In general, one yearly Zend Server release will be designated as a LTS version for a specific mature PHP major runtime version. Once such a Zend Server release has been defined, it serves as the long-term supported maintenance environment for that major PHP version (no additional Zend Server major releases will generally be planned for that PHP runtime version).

The support period for a given major PHP version begins with the first Zend Server release that includes it, typically available several months following the PHP version general availability (GA) release, having given it time to stabilize for production use. Over the 2-year lifespan of the PHP version, additional Zend Server releases may be made available that support that PHP version. Finally, the LTS release of Zend Server for that PHP version will be supported for at least an additional 3 years, completing a total of at least 5 years of support for the PHP runtime environment version. Long-term support is provided for production systems per the Zend Server production SLA subscription.

SLA Phase 1: Active releases support (2 years)

Start Date: GA of Zend Server containing the specific major PHP version

Active release support is provided per the product SLA tier and scope of support coverage. In the Active release support phase, the Zend team, at Rogue Wave, provides enhanced versions of the runtime on a periodic basis as well as full technical support. They'll deliver bug and security fixes for issues identified and qualified by the team with high severity on a continuous basis. While in this period, They'll also address specific customer requested bug fixes in PHP, Zend Server, or Zend Framework for Enterprise SLA accounts. During this support period, bug fixes, PHP runtime updates, and security fixes can be addressed in a new minor version or will be provided as a hotfix for the current and previous minor version.

SLA Phase 2: Long-term support (3 years)

Start Date: 24 months after the GA of Zend Server for a PHP major version for an additional 36 months

During the LTS period, the Zend team will continue to deliver critical bug fixes and security fixes for the defined LTS Zend Server and its PHP runtime version. During this period, updates are typically delivered for the LTS version. No new versions are planned or new functionality introduced for the LTS Zend Server and PHP version. For customers at the Enterprise SLA tier, the Zend team will deliver specifically requested customer critical bugs and security fixes for functionality issues and vulnerabilities significantly impacting the customer's applications. They'll make commercially reasonable efforts accordance with the customer's SLA to address such issues including in the PHP engine and supported PHP extensions. Customer specific requested fixes will be delivered if most cases as a private release upon customer request and typically replacing affected components. The Zend team may decide to release a public version in cases where a widespread severe problem is identified.

Extended support periods beyond the SLA

For older Zend Server and PHP runtime versions that fall outside the scope of the committed SLA tiers and long-term support durations, the Zend team can typically provide an extended period of support and fixes based on the specific version. Such extended period agreements are limited to Enterprise SLA subscriptions where the scope and extent of the support is defined in a customer specific Extended SLA agreement.

Security vulnerabilities policy

The Zend team provides security hot fixes for vulnerabilities qualified by Zend with high severity. Some of these issues may have been fixed but not yet released by the PHP open source maintenance processes while others are newly discovered security vulnerabilities that are not intended to be fixed in the open source PHP distribution. High severity security issues are in general remotely exploitable security vulnerabilities that pose a threat to the application execution or compromise its data. Local exploits are typically not considered severe threats. They may make exceptions to the extended support duration and scope in cases where certain conflicts or dependencies on external unsupported components arise.