Blog
July 15, 2020
ZendPHP provides PHP runtime packages that include security support for a minimum of 2 years beyond what the PHP project provides. These runtimes include consultative guidance and support to help development and operations teams get the answers they need to best deploy and tune their PHP installation.
In this blog, we look at why keeping up with PHP releases can present unique challenges to PHP application development and operations teams, the alternative risks of running an application on an end of life (EOL) PHP version, and how ZendPHP runtimes can help provide a middle ground to keep EOL PHP applications safe and secure.
Keeping Pace With PHP Releases Can Be Problematic
Keeping up with new versions of PHP is hard. A new minor or major version is released each year, and each such release often provides new deprecations or subtle behavior changes that can affect your application, costing time and money in new development and quality assurance.
Many companies prefer to pin an application to a specific release series (for example, PHP 7.1 or PHP 5.6) so that they can reduce upgrade costs. However, the PHP project only provides support for any given release series for 3 years, and applications often live longer than that, or start mid-cycle. How can they continue to ensure they have the latest security updates if they pin to a version that is no longer supported?
Integration and Configuration Headaches
Additionally, when developing PHP applications, developers often have questions: how do I integrate the application with our web server of choice? How do I configure PHP for optimal performance? Which extensions do I really need to enable for my application? While a number of forums are available online, how long should your developers wait for answers and spend researching?
Back to topRisks of Using EOL PHP Runtimes
Just as there are number of integration and configuration issues inherent to keeping applications on supported PHP versions, there are also significant risks when using unsupported, end of life PHP runtimes. Those risks can include an increased exposure to security vulnerabilities, and a lack of progression in application performance.
Lack of Support Means More Vulnerabilities
When a PHP version is no longer supported by the community, it will no longer receive patches for known security vectors. This can leave your application open to data breaches and other catastrophic issues. Simultaneously, the monetary and time costs of updating your application to a new PHP version can often make resolving these problems difficult.
Having a longer support window for your application reduces your risks and costs of maintaining your application. ZendPHP gives you that breathing room.
Older PHP Versions Have Comparatively Poor Performance
The PHP team constantly works on improving the performance of the PHP language. Jumping from version 5.6 to 7.0, they made enormous strides that often resulted in halved response times and halved resources required to produce responses.
These benefits can have a huge impact on your applications: you may be able to reduce the number of servers needed to serve your application, or improve the usability of your application by reducing the time required to serve pages or API results.
As such, while we supply a lengthy LTS for ZendPHP runtimes, we also encourage our customers to upgrade when it can improve their application performance. We have a team that can help with your migrations!
Back to topHow Zend PHP Runtimes Can Help
Because the PHP project ships the source code for the PHP language; it is up to the consumer to compile it for use on their operating system. Most operating systems provide installable binary packages for the language, but these are rarely up-to-date, and often only provide a single release series at a time.
Zend by Perforce provides package repositories with installable PHP binaries for several different operating systems, including RedHat Enterprise Linux and CentOS, Ubuntu, and Debian; we will soon be offering packages for Windows and IBM i Series as well.
At the time of writing, we supply PHP 5.6 and 7.1 packages containing backported critical security fixes; we will be expanding to provide versions 7.2 through 7.4, as well as the upcoming 8.0 release.
These packages include runtime binaries that allow usage on the command line, as well as the PHP FastCGI Process Manager (php-fpm) binaries for integration with popular web servers, including Apache and nginx.
Back to topAdditional Benefits of Zend PHP Runtimes
In addition to the PHP runtimes detailed above, ZendPHP includes around the clock support, and consultative guidance – as well as bug fixes, and security patches.
Around the Clock Support
ZendPHP comes with extensive support, including evaluation and escalation of critical security fixes, and consultative support for your PHP applications. Terms vary based on your support agreement, but generally include guarantees of response and solutions or workarounds within a given number of hours or days.
Consultative Guidance
Our support staff is composed of tier 3 and 4 architects that understand modern applications way beyond PHP. When one of our customers raises a ticket for an incident, our team is able to assist them on break/fix issues such as configuration, runtime issues, known PHP bugs and workarounds, but thanks to their knowledge, they are also able to move up and down their stack beyond PHP to isolate issues and solve problems.
They are also able to assist with questions related to application design and architecture, related technologies (such as caching, databases, etc.), and many, many other areas.
Patches and Bug Fixes
If you identify bugs that are related to the PHP language itself, we help create bug reports against the language as well as patches.
Some of the advantages of having Zend submit bug reports on our customers’ behalf are:
- Knowledge of the community - Some of the members of our team are core contributors of PHP. Therefore they know how to format bug reports, and how to submit patches so that they have the highest probability of getting addressed.
- Customer Anonymity - Our customers remain anonymous (if they wish), which protects them from potential hackers knowing what programming language or version they use.
Final Thoughts
Our ZendPHP Support for PHP saves our customers time, money and protects them from vulnerabilities. It is a must for business-critical applications where availability is important. Our customers are always covered no matter if they need help with a small question or if they experience critical issues.
Additional Resources
Looking for additional reading about Zend PHP runtimes, PHP CVEs, or Zend migration services? Be sure to check out the links below.
- Zend Security Center - See CVEs for your PHP version and get advice on your next steps.
- Zend PHP LTS - See what LTS from Zend can mean for your PHP project.
- Zend Migration Services - Sometimes migrating is the right choice, and we can help.
Ready to see what Zend PHP runtimes can do for your project? Click the link to head to our ZendPHP page.