New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Using PHP v. 5.5.x - any point updating it all the time?
Some months ago I updated PHP on all my servers to v 5.5.8 with the Remi repository.
Now I see that PHP have released v 5.5.12, and my question is: Do you recommend that I keep updating my PHP to the newest version all the time, or is 5.5.8 as good as any other version (newer).
Have no issues at all on my servers with my current version.
Since I have used the Remi repository, PHP is not updated with yum update
, so I need to run yum –enablerepo=remi,remi-php55 update -y
if I want to update.
What do you think, just keep 5.5.8 or always have the newest version?
PS! I'm using CentOS 6.5 on all my servers
Comments
Unless you receive security/bugfixes updates for your current PHP version (as you would with regular Debian repos), then you shouldn't have to update PHP to a newer version provided you don't need any new feature.
However, if you're not getting such kinds of updates, then I would recommend regularly updating PHP. At least, you'll avoid nasty attacks - better be safe than sorry.
The main issue seems some incompatibity with ioncube loader: http://forum.whmcs.com/showthread.php?89039-ioncube-5-5-upgrade-failed
it's the php version by default in Ubuntu 14.04, but not yet tested on my side...
I normally agree about updating to keep it secure, but on CentOS 6.5 they are only using PHP 5.3.x if you not force the upgrade to 5.4 or 5.5 with Remi repository.
So my PHP 5.5.8 must be more secure for a long time, or do I think wrong here?
http://www.cvedetails.com/version/160394/PHP-PHP-5.5.8.html
almost always better to keep up to date; using the latest 5.3.x is different from using an old 5.5.x version
Good point.
Any reason to not upgrade? Can I get issues with my sites or something, or do it work since I have 5.5.x and only upgrade with 5.5.x?
@jmginer mentioned ioncube loader, but really that's issue with entire 5.5.x branch and not specific version (I mean, the issue itself obviously not with the branch but with a shitty piece of software called WHMCS, who don't offer ioncube-encoded version of their code for 5.5.x).
The updates within branch are generally small updates and shouldn't affect your web application. If you are running something very critical, then you should test it first. Otherwise if it happens to not work you can always downgrade by reinstalling earlier package.
Yes you do
The CentOS teams backports new security fixes to 5.3. So 5.3 is as secure as the latest release. As long as you yum update
If you don't use anything that isn't compatible with PHP 5.5.x, then there's no reason for you not to go for the update.
He is already on 5.5.x, obviously there is no compatibility issue with the 5.5.x branch.
Oh, yeah, my bad. A bump from 5.5.8 to 5.5.12 wouldn't cause any problem then.
The rule of thumb with server software is, "If it ain't broke, don't fix it".
Agree
For PHP on production boxes, stick to your distros packages and avoid newer-version, third-party packages unless you have a real need for new features. PHP 5.3 on CentOS 6 or Ubuntu 12.04 is secure, despite being "old". The nice people at CentOS and Ubuntu work very hard to do that for us.
The reason why I updated from stock PHP (5.3.x) to 5.5.x was because the largest ISP in Norway sent out a security bulletin telling that they had seen a increase in attacks on PHP 5.3.x servers, and recommended all to upgrade to 5.4.x or higher.
Thats was my main reason why I went with the Remi repository.
IMHO sometimes server software comes with updates that make system faster, i.e. PHP 5.5 internal opcode cache, etc.
And sometimes it comes with updates that provide higher performance, i.e. nginx with SPDY 3.1 support.
It all depends on how the system is, enterprise level or low-end hobby things.
Before PHP 5.4, you couldn't do this:
Instead you have to:
Since the PHP arrays are some weird aliasing thing.
Agreed, it depends how much risk you can take. In a business environment stability would be preferred over a minor performance increase, but a hobbyist or non-critical site might desire the latest and greatest. We'd probably still be using Windows 3.1 if nobody tested anything new . . .
Indeed. I just checked and the Debian Wheezy package for php5 currently has 146 patches that Debian applies to the upstream version 5.4.4. Some packages even get new features backported, Apache 2.2 in Debian has support for TLS 1.2 for example (with some caveats). When evaluating whether or not to replace distro packages with some other source, you can't judge the distro package by checking the features/changelog upstream. You need to check the patches too.
unless you have to use 5.3 I don't see any reason not to use 5.5. I love the zend cache in 5.5
+1
Zend Opcache has help a lot to make my php site load faster
Definitely a must