Blog
January 13, 2025
PHP 7.3 added numerous new features and improvements to the developer experience. However, as of December 2021, it officially became an end of life (EOL) version, and teams still using PHP 7.3 should work to upgrade or find third-party support as soon as possible to remain secure.
In this blog, I walk through the historical significance of PHP 7.3, including the key features and deprecations that were included in this version. I then explain what PHP 7.3 EOL means for your team, discuss the risks of continuing to deploy PHP 7.3, and recommend options for PHP teams looking to upgrade.
Get Support for PHP 7.3
Zend Long Term Support (LTS) keeps your apps secure through 2026 with patched PHP 7.3 builds and migration support. Upgrade on your schedule, maintain compliance standards, and access 24/7/365 support.
PHP 7.3: Overview
PHP 7.3 was released on December 6, 2018, and was the third feature release in the 7.0 series. It included several syntax improvements to simplify development, a large jump in performance capabilities, and a few key deprecations.
PHP 7.3 Features
PHP 7.3 introduced a number of new features to the language, adding the ability to throw an exception when parsing or encoding JSON, support for samesite cookies, improved FastCGI Process Manager (PHP-FPM) logging, and many others:
- Flexible heredoc and nowdoc syntax
- Trailing commas in function calls
- Using references with list()
- Counting improvements
- Key access
- JSON_THROW_ON_ERROR
- LDAP controls support
Further information and documentation surrounding PHP 7.3 can be found by visiting the PHP 7.3 Release Announcement.
PHP 7.3 Performance Improvements
PHP 7.3 saw the first double-digit bump in performance in the PHP 7 series, with impressive gains for a variety of applications:
- WordPress + WooCommerce saw 12.5% gains
- Drupal 8 saw 11.2% gains
- Joomla saw 4.5% gains
- Magento 2.3.0 saw 11% gains
- Most application frameworks saw ~5% gains
However, if you are still running Magento, WordPress, Drupal, or custom software on PHP 7.3, your applications are no longer taking advantage of the latest performance improvements in PHP. Migrating to an updated version is strongly recommended.
PHP 7.3 Deprecations
PHP 7.3 introduced a few deprecations, primarily to remove inconsistent behavior. For instance, the “define()” function, used to declare a constant, has always accepted a third value, a Boolean flag used to indicate whether or not to allow referencing the constant case insensitively; the default is to be case sensitive. Since this is inconsistent with how constants are more generally declared (e.g., with the “const” keyword), the flag is now deprecated.
Other deprecations were likewise included in the PHP 7.3 release. Additional details surrounding PHP 7.3 deprecations can be found in the PHP manual.
Back to topPHP 7.3 End of Life: What You Need to Know
When Did PHP 7.3 Reach End of Life?
PHP 7.3 reached end of life on December 6, 2021.
How Long Is PHP 7.3 Supported?
PHP 7.3 is no longer supported by the PHP community.
However, through Zend Long Term Support Services, PHP 7.3 can be supported through 2026.
Are Applications Still Using PHP 7.3?
According to the 2025 PHP Landscape Report, approximately 10% of teams are still using PHP 7.3.
Is PHP 7 Outdated?
Yes, PHP 7 versions are outdated. All PHP 7.X versions are end of life and no longer supported by the community.
If your application uses PHP 7.1, PHP 7.2, PHP 7.3, PHP 7.4, or PHP 8.0, you should upgrade to a supported version as soon as possible.
Back to topConsequences of Deploying PHP 7.3 EOL
PHP versions, including PHP 7.3, reach end of life after security support from the community ends. At this point, they no longer receive any updates from the community, such as bug fixes, security patches, and more.
Continuing to use a PHP version after end of life will have significant impact on your application's security, performance, stability, and cost of ownership.
Increased Security Risks
Insufficient security is the number one consequence of deploying PHP 7.3 EOL. New security vulnerabilities are identified daily, and continuing to use PHP 7.3 EOL exposes critical applications and sensitive data to an ever-growing roster of security threats. New security risks, or Common Vulnerabilities and Exposures (CVEs), are found daily.
Once identified and publicly exposed, each CVE is assigned an ID number and compiled into a list, with each entry including information surrounding the CVE's impact, affected PHP versions, and mitigation details. The longer a PHP version is end of life, the more CVEs will be identified.
For instance, many PHP 7.3 CVEs have been identified in 2024 alone. A few examples can be viewed in the table below.
CVE | Severity | Type | Subject | Date | Affected Versions |
CVE-2024-11236 | Severe | Cross-Site Request Forgery | Integer overflow in the dblib quoter causing OOB writes | 2024-11-23 | 7.3.0-7.3.33 |
CVE-2024-8932 | Severe | Cross-Site Request Forgery | php: OOB access in ldap_escape | 2024-11-22 | 7.3.0-7.3.33 |
CVE-2024-8926 | High | Remote Code Execution | php: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) | 2024-10-07 | 7.3.0-7.3.33 |
CVE-2024-8927 | High | Remote Code Execution | php: cgi.force_redirect configuration is bypassable due to the environment variable collision | 2024-10-07 | 7.3.0-7.3.33 |
CVE-2024-11233 | Moderate | Information Disclosure | Single byte overread with convert.quoted-printable-decode filter | 2024-11-23 | 7.3.0-7.3.33 |
CVE-2024-11234 | Moderate | Cross-Site Request Forgery | Configuring a proxy in a stream context might allow for CRLF injection in URIs | 2024-11-23 | 7.3.0-7.3.33 |
Stay Up to Date on the Latest PHP 7.3 Vulnerabilities
The Zend Security Center makes it easy to identify and mitigate PHP vulnerabilities before they become problems, keeping your PHP application secure and compliant.
Poor Performance
Each new PHP version introduces performance improvements. Not only do these updates deliver improved user experience, but they also can help your team save on hardware, hosting, and development costs. As PHP 7.3 EOL occurred several years ago, teams continuing to deploy PHP 7.3 cannot take advantage of the most up-to-date features associated with the language.
Application Instability
Applications that are not updated consistently are more likely to experience increased downtime. For instance, if your application uses PHP 7.3 EOL, it may be relying on a deprecated library, and a bug or flaw in that library could lead to your application crashing. Now apply that issue to enterprise applications using dozens of non-updated libraries, or updated libraries that are not compatible with PHP 7.3.
Hidden Costs
Using PHP 7.3 EOL can quickly become expensive through a number of hidden costs. Where teams running supported PHP versions can focus on improving the security, performance, and functionality of their application, teams using PHP 7.3 EOL must devote developer hours to things like building or backporting patches for security issues and bugs. This leads to lost opportunity and raised costs for improving your application and growing your business.
Back to topPHP 7.3 EOL: Migration and Support Options
The best way to keep web apps using PHP 7.3 secure is to migrate to a supported version as soon as possible. If a migration is not currently feasible, then teams should seek out long term support provided by trusted third parties until a migration can be planned.
Migrating to Supported PHP Versions
Migrating to a supported PHP version is the most efficient way to keep applications secure and compliant. Migrations will unlock access to enhanced performance, new features, and improved functionality for your application, allowing you to deliver faster service and get ahead of your competition.
However, migrations can also be complicated, particularly for teams with complex code bases or with several applications in need of an upgrade. Additionally, as both PHP 7.4 and PHP 8.0 have reached end of life, PHP 7.3 upgrades and migrations may need to be completed in increments to reach a currently supported version.
Partnering with a team of PHP migration experts, such as Zend, is one way to simplify your PHP 7.3 upgrade process. We can help you boost performance, increase security, and improve user experience through our expert migration services.
LTS for PHP 7.3
For teams that need more time to create a strategy for completing a PHP 7.3 upgrade, or for those looking to complete more complex migrations, finding a reliable source of support is critical for maintaining the performance, stability, and security of applications currently using PHP 7.3.
Zend PHP LTS extends the lifespan of EOL PHP versions, offering expert support after community support ends. Upgrade on your schedule, save money on refactoring, and access a team of PHP experts who will ensure your application maintains compliance, stays secure, and remains supported during migrations from PHP 7.3.
PHP 7.3 EOL Timeline With Zend PHP LTS
PHP Version | Release Date | Active Support End Date | End of Life / Security Support End Date | Zend PHP 7.3 LTS End Date |
7.3 | December 6, 2018 | December 6, 2020 | December 6, 2021 | December, 2026 |
Final Thoughts
At the time of it's original release, PHP 7.3 brought a handful of useful features and significant performance improvements to PHP. However, with PHP 7.3 EOL having occurred in 2021, teams must make a migration strategy or utilize PHP LTS services to keep applications secure, compliant, and performant.
Expert PHP Migration and LTS Services
Is your team deploying PHP 7.3? If so, then it's time to create a migration and support strategy. Click the buttons below to get started.
Additional Resources
- Resource Collection - Exploring PHP Versions
- Resource Collection - PHP Security
- Case Study - mittwald Managed Hosting Customers Stay Secure With PHP LTS
- Case Study - Bark.com Modernizes Mission-Critical PHP Application
- Blog - What's New in PHP 7.4
- Blog - PHP 7.4 EOL Is Here
- Blog - How to Upgrade PHP