Zend provides complete long term support and ongoing maintenance of both the Zend Server PHP application platform and the certified PHP runtime environment which is distributed as part of Zend Server. Support for each major PHP runtime version is provided for 5 years from initial Zend Server release on that version, which is 40% longer than the 3 year support period provided by the open source PHP community. This delivers Zend’s customers and partners a reliable, secured and fully supported PHP application platform while allowing flexibility in managing production environments lifecycle. Zend’s long term support for PHP and Zend Server allows IT organizations to efficiently define and plan their business critical application development, production deployments and migration strategies.
Zend Server releases typically support multiple PHP runtime versions. In general, one yearly Zend Server release will be designated as a Long Term Support (LTS) version for a specific mature PHP major runtime version. Once such a Zend Server release has been defined, it serves as the long term supported maintenance environment for that major PHP version (no additional Zend Server major releases will generally be planned for that PHP runtime version).
The support period for a given major PHP version begins with the first Zend Server release that includes it, typically available several months following the PHP version GA release (thus giving it time to stabilize for production use). Over the 2 year lifespan of the PHP version, additional Zend Server releases may be made available that support that PHP version. Finally, the LTS release of Zend Server for that PHP version will be supported for at least an additional 3 years, completing a total of at least 5 years of support for the PHP runtime environment version. Long term support is provided for production systems according to the Zend Server production SLA subscription.
Active release support is provided according to the product SLA tier and scope of support coverage. In the Active release support phase, Zend provides enhanced versions of the runtime on a periodic basis as well as full technical support. Zend will also deliver bug and security fixes for issues identified and qualified by Zend with high severity on a continuous basis. While in this period, Zend will also address specific customer requested bug fixes in PHP, Zend Server or Zend Framework for Enterprise SLA accounts. During this support period, bug fixes, PHP runtime updates and security fixes can be addressed in a new minor version or will be provided as a hotfix for the current and previous minor version.
During the long term support period, Zend will continue to deliver critical bug fixes and security fixes for the defined Long Term Support (LTS) Zend Server and its PHP runtime version. During this period, updates are typically delivered for the LTS version. No new versions are planned or new functionality introduced for the LTS Zend Server and PHP version.
For customers at the Enterprise SLA tier, Zend will deliver specifically requested customer critical bugs and security fixes for functionality issues and vulnerabilities significantly impacting the customer’s applications. Zend makes commercially reasonable efforts accordance with the customer’s SLA to address such issues including in the PHP engine and supported PHP extensions. Customer specific requested fixes will be delivered if most cases as a private release upon customer request and typically replacing affected components. Zend may decide to release a public version in cases where a widespread severe problem is identified.
For older Zend Server and PHP runtime versions that fall outside the scope of the committed SLA tiers and long term support durations, Zend can typically provide an extended period of support and fixes based on the specific version. Such extended period agreements are limited to Enterprise SLA subscriptions where the scope and extent of the support is defined in a customer specific Extended SLA agreement.
In addition to the extended support commitment, Zend Professional Services provides migration services, methodologies and guidance allowing customers to effectively modernize and migrate their applications to the latest PHP versions and take advantage of the new benefits introduced by the runtime environment.
Zend provides security hot fixes for vulnerabilities qualified by Zend with high severity. Some of these issues may have been fixed but not yet released by the PHP open source maintenance processes while others are newly discovered security vulnerabilities that are not intended to be fixed in the open source PHP distribution. High severity security issues are in general remotely exploitable security vulnerabilities that pose a threat to the application execution or compromise its data. Local exploits are typically not considered severe threats. Zend may make exceptions to the extended support duration and scope in cases where certain conflicts or dependencies on external unsupported components arise.