Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Using PHP v. 5.5.x - any point updating it all the time?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Using PHP v. 5.5.x - any point updating it all the time?

myhkenmyhken Member
edited May 2014 in General

Some months ago I updated PHP on all my servers to v 5.5.8 with the Remi repository.
Now I see that PHP have released v 5.5.12, and my question is: Do you recommend that I keep updating my PHP to the newest version all the time, or is 5.5.8 as good as any other version (newer).

Have no issues at all on my servers with my current version.

Since I have used the Remi repository, PHP is not updated with yum update, so I need to run yum –enablerepo=remi,remi-php55 update -y if I want to update.

What do you think, just keep 5.5.8 or always have the newest version?

PS! I'm using CentOS 6.5 on all my servers

Comments

  • iceTwyiceTwy Member

    Unless you receive security/bugfixes updates for your current PHP version (as you would with regular Debian repos), then you shouldn't have to update PHP to a newer version provided you don't need any new feature.

    However, if you're not getting such kinds of updates, then I would recommend regularly updating PHP. At least, you'll avoid nasty attacks - better be safe than sorry.

  • jmginerjmginer Member, Patron Provider
    edited May 2014

    The main issue seems some incompatibity with ioncube loader: http://forum.whmcs.com/showthread.php?89039-ioncube-5-5-upgrade-failed

    it's the php version by default in Ubuntu 14.04, but not yet tested on my side...

  • myhkenmyhken Member

    iceTwy said: However, if you're not getting such kinds of updates, then I would recommend regularly updating PHP. At least, you'll avoid nasty attacks - better be safe than sorry.

    I normally agree about updating to keep it secure, but on CentOS 6.5 they are only using PHP 5.3.x if you not force the upgrade to 5.4 or 5.5 with Remi repository.
    So my PHP 5.5.8 must be more secure for a long time, or do I think wrong here?

  • perennateperennate Member, Host Rep

    myhken said: I normally agree about updating to keep it secure, but on CentOS 6.5 they are only using PHP 5.3.x if you not force the upgrade to 5.4 or 5.5 with Remi repository. So my PHP 5.5.8 must be more secure for a long time, or do I think wrong here?

    http://www.cvedetails.com/version/160394/PHP-PHP-5.5.8.html

    almost always better to keep up to date; using the latest 5.3.x is different from using an old 5.5.x version

  • myhkenmyhken Member

    Good point.

    Any reason to not upgrade? Can I get issues with my sites or something, or do it work since I have 5.5.x and only upgrade with 5.5.x?

  • perennateperennate Member, Host Rep
    edited May 2014

    @jmginer mentioned ioncube loader, but really that's issue with entire 5.5.x branch and not specific version (I mean, the issue itself obviously not with the branch but with a shitty piece of software called WHMCS, who don't offer ioncube-encoded version of their code for 5.5.x).

    The updates within branch are generally small updates and shouldn't affect your web application. If you are running something very critical, then you should test it first. Otherwise if it happens to not work you can always downgrade by reinstalling earlier package.

    Thanked by 1jmginer
  • sleddogsleddog Member

    myhken said: I normally agree about updating to keep it secure, but on CentOS 6.5 they are only using PHP 5.3.x if you not force the upgrade to 5.4 or 5.5 with Remi repository. So my PHP 5.5.8 must be more secure for a long time, or do I think wrong here?

    Yes you do :)

    The CentOS teams backports new security fixes to 5.3. So 5.3 is as secure as the latest release. As long as you yum update :)

  • iceTwyiceTwy Member

    @myhken said:
    Good point.

    Any reason to not upgrade? Can I get issues with my sites or something, or do it work since I have 5.5.x and only upgrade with 5.5.x?

    If you don't use anything that isn't compatible with PHP 5.5.x, then there's no reason for you not to go for the update.

  • perennateperennate Member, Host Rep
    edited May 2014

    iceTwy said: If you don't use anything that isn't compatible with PHP 5.5.x, then there's no reason for you not to go for the update.

    He is already on 5.5.x, obviously there is no compatibility issue with the 5.5.x branch.

    Thanked by 1myhken
  • iceTwyiceTwy Member

    @perennate said:
    He is already on 5.5.x, obviously there is no compatibility issue with the 5.5.x branch.

    Oh, yeah, my bad. A bump from 5.5.8 to 5.5.12 wouldn't cause any problem then.

    Thanked by 1myhken
  • The rule of thumb with server software is, "If it ain't broke, don't fix it".

  • sleddogsleddog Member

    Microlinux said: The rule of thumb with server software is, "If it ain't broke, don't fix it".

    Agree :)

    For PHP on production boxes, stick to your distros packages and avoid newer-version, third-party packages unless you have a real need for new features. PHP 5.3 on CentOS 6 or Ubuntu 12.04 is secure, despite being "old". The nice people at CentOS and Ubuntu work very hard to do that for us.

  • myhkenmyhken Member

    The reason why I updated from stock PHP (5.3.x) to 5.5.x was because the largest ISP in Norway sent out a security bulletin telling that they had seen a increase in attacks on PHP 5.3.x servers, and recommended all to upgrade to 5.4.x or higher.

    Thats was my main reason why I went with the Remi repository.

  • msg7086msg7086 Member

    @Microlinux said:
    The rule of thumb with server software is, "If it ain't broke, don't fix it".

    IMHO sometimes server software comes with updates that make system faster, i.e. PHP 5.5 internal opcode cache, etc.

    And sometimes it comes with updates that provide higher performance, i.e. nginx with SPDY 3.1 support.

    It all depends on how the system is, enterprise level or low-end hobby things.

  • perennateperennate Member, Host Rep

    Before PHP 5.4, you couldn't do this:

    $x = f($blah)['hi'];

    Instead you have to:

    $r = f($blah);
    $x = $r['hi'];

    Since the PHP arrays are some weird aliasing thing.

  • MicrolinuxMicrolinux Member
    edited May 2014

    @msg7086 said:
    It all depends on how the system is, enterprise level or low-end hobby things.

    Agreed, it depends how much risk you can take. In a business environment stability would be preferred over a minor performance increase, but a hobbyist or non-critical site might desire the latest and greatest. We'd probably still be using Windows 3.1 if nobody tested anything new . . .

  • sleddog said: For PHP on production boxes, stick to your distros packages and avoid newer-version, third-party packages unless you have a real need for new features. PHP 5.3 on CentOS 6 or Ubuntu 12.04 is secure, despite being "old". The nice people at CentOS and Ubuntu work very hard to do that for us.

    Indeed. I just checked and the Debian Wheezy package for php5 currently has 146 patches that Debian applies to the upstream version 5.4.4. Some packages even get new features backported, Apache 2.2 in Debian has support for TLS 1.2 for example (with some caveats). When evaluating whether or not to replace distro packages with some other source, you can't judge the distro package by checking the features/changelog upstream. You need to check the patches too.

  • namhuynamhuy Member

    unless you have to use 5.3 I don't see any reason not to use 5.5. I love the zend cache in 5.5 :)

    Thanked by 1khav
  • khavkhav Member

    @namhuy said:
    unless you have to use 5.3 I don't see any reason not to use 5.5. I love the zend cache in 5.5 :)

    +1

    Zend Opcache has help a lot to make my php site load faster

    Definitely a must :)

Sign In or Register to comment.