BreadcrumbHomeResourcesBlog PHP 7.4 EOL Is Here: Are Your Applications Secure? January 30, 2023 PHP 7.4 EOL Is Here: Are Your Applications Secure?PHP DevelopmentPHP 7.4 end of life (EOL) is here. And, with our 2023 PHP Landscape Report showing over 54% of teams still using PHP 7.4, migrating to a supported PHP version and / or finding third party long-term support will be critical for teams who want to maintain the security of their applications.In this blog we talk through the reality of PHP 7.4 EOL, including how to find the right migration path, the risks of unsupported EOL PHP, and long-term support options for teams that need more time planning their path through PHP 7.4 end of life.Table of ContentsGet Support for PHP 7.4 EOLThe PHP 7.4 Support LifecycleThe Consequences of Using PHP 7.4 EOLFacing PHP 7.4 End of LifeFinal ThoughtsTable of Contents1 - Get Support for PHP 7.4 EOL2 - The PHP 7.4 Support Lifecycle3 - The Consequences of Using PHP 7.4 EOL4 - Facing PHP 7.4 End of Life5 - Final ThoughtsBack to topGet Support for PHP 7.4 EOLKeep your applications secure with patched PHP 7.4 builds from Zend, with support for PHP 7.4 continuing through 2026.Explore LTS OptionsBack to topThe PHP 7.4 Support LifecyclePHP, like many other development languages, has a defined community support lifecycle. Each minor release has a community support lifecycle of three years, with major versions being released anywhere from a year apart to over five years apart. The number of minor releases per major release varies by major release (e.g. PHP 5 had 7 minor versions, PHP 7 had 5 minor versions). The community support lifecycle for PHP is broken down into two support phases: Active Support and Security Support.Active SupportThe active support phase for PHP versions lasts two years from the GA release date. During active support, PHP versions (like PHP 7.4) receive regular patch releases (e.g. 7.4.1) that contain bug fixes and security patches. These updates are typically released monthly, unless there are no bugs or security issues (which is rare).Security SupportAfter two years of active support, PHP versions enter the Security Support phase. Previously, this phase lasts for one year, with the PHP community only supplying patches for critical security issues. As of June 2024, this support was extended to two years. Releases during this phase are on an ad-hoc basis, and are typically released less frequently than during the active support phase.End of LifeAfter the security support phase ends, the PHP version enters end of life. This means that it does not receive security patches, bug fixes, or other updates from the community. As bugs and vulnerabilities accumulate, teams using end of life PHP versions expose their applications to compounding risks.PHP Version Release Date Active Support End Date End of Life / Security Support End Date Zend PHP 7.4 LTS End Date 7.4 November 28, 2019 November 28, 2021 November 28, 2022 December 2026 PHP 7.4 End of Life DatePHP 7.4 reached end of life on November 28, 2022.How Long Is PHP 7.4 Supported?PHP 7.4 is no longer supported by the community. However, through Zend PHP LTS services, PHP 7.4 can be supported through 2026.How Many Teams Are Still Using PHP 7.4 EOL?According to the 2024 PHP Landscape Report, 47.73% of PHP teams are still using PHP 7.4 in their applications.In our 2024 PHP Landscape Report, we surveyed the PHP community to better understand the PHP versions they use in production. And, as with previous years, we found many teams still using end of life PHP versions — including PHP 7.4.As you can see above, there are a significant percentage of teams using EOL PHP versions, with 47% using EOL PHP 7.4 in their applications, 16% using PHP 7.3, 18% using PHP 7.0-7.2, and nearly 16% using PHP 5.6 and earlier in their apps.Back to topThe Consequences of Using PHP 7.4 EOLMost teams are well acquainted with the consequences of unsupported end of life technologies. Every year, new vulnerabilities are discovered within unsupported technologies – with high-profile exploits of these vulnerabilities making their way to front pages around the world.But security isn’t the only consequence of unsupported EOL PHP applications. Teams working with EOL PHP versions also expose their applications to decreased performance, reduced application stability, and the lost-opportunity cost of maintaining an EOL PHP version when they could be helping to further the goals of the business.SecurityWhen a PHP version reaches community support end of life, the community stops providing security patches for that version. As noted above, the accumulation of unpatched vulnerabilities adds an increasing amount of security risk to the application. And, if left unmitigated, these vulnerabilities can and will be exploited.PerformanceOne of the often overlooked aspects of using end of life PHP versions is performance. New versions of PHP regularly add new features and improvements to the language that can reduce development, hosting, or hardware costs for the application. While this might seem like a lesser consideration, these costs can add up quickly – especially when deploying a large number of PHP applications, or applications that receive large amounts of traffic.Application StabilityIf applications aren’t regularly updated to new technology versions, there can be a growing risk of application downtime. As an example, an application running an EOL PHP version might be using a library that has since been deprecated. A bug within that library could cause the application to crash. Now imagine enterprise applications with dozens of un-updated libraries, or libraries that have been updated and cause issues with the EOL PHP application.Opportunity CostsLastly, there’s the danger of lost opportunity cost. Running an EOL PHP version means spending time on things like building or backporting patches for security issues and bugs. For supported PHP versions, this isn't an issue, and allows teams to better focus on improving the security, performance, or functionality of your application.Backporting bug fixes and security patches isn't the only time-consuming aspect of maintaining an EOL PHP application, either. Profiling and improving performance on an application running on an EOL PHP version can be time intensive. But even the best performance improvements on that application can be overshadowed by the performance improvements gained by migrating to a new PHP version. That's not to mention new language features in newer versions that can solve a variety of problems for businesses. The takeaway from this is that there are a number of hidden costs of running EOL PHP applications that can directly or indirectly impact the health of your application and business, and the time committed to things like backporting patches can lead to lost opportunities for improving your application and business.Back to topFacing PHP 7.4 End of LifeTo avoid the risks associated with unsupported EOL PHP versions, teams need to regularly plan and execute PHP upgrades and migrations. PHP 7.4 EOL is no exception.Upgrading Your Application(s)For teams with a limited number of applications or less complex codebases, these upgrades and migrations may be straightforward – depending on the changes between the origin and destination versions. For others, planning migrations for many applications (or particularly complex applications), can be a much more time-intensive exercise.One thing to keep in mind for teams tasked with migrating PHP 7.4 is that this is the final PHP 7 minor release, meaning that there is no guarantee that the destination PHP version will be backwards compatible. More often than not, these major versions are only released when changes there are breaking changes to existing APIs that are exposed to consumers.For teams planning PHP migrations or upgrades, having a consistently audited and profiled set of applications is key to understanding the impact of these major version upgrades on your code base, the scope of a given migration for your team, and the potential impact to the overarching business.Learn more about Zend PHP upgrade/migration services >>Read our migration services case study with Bark.com >>Finding Long-Term SupportFor teams that, for one reason or another, can’t migrate before PHP end of life hits, finding a reliable source of security patches is key to maintaining the stability and security of their given PHP applications.Luckily, there are third-party options for PHP long-term support that can help teams to keep their EOL PHP applications supported.Learn more about Zend PHP LTS >>Self-SupportSelf-support is another option for teams working with EOL PHP 7.4 applications. However, teams that choose this route need to understand the impact this can have on their business. As noted above, developers who are busy developing patches for CVEs are developers who aren’t working on developing new applications, improving existing applications, or working on all the things that will make the next migration easier. While self-support may be a valid option for larger enterprises with resources dedicated to developing patches and fixes in house, it’s not a cost-effective option for 99% of companies.Back to topFinal ThoughtsMigrating or upgrading your EOL PHP is crucial to avoiding organizational risk – and PHP 7.4 is no different. Now that PHP 7.4 EOL is here, teams need to ensure they’ve established a good migration or LTS plan their applications using PHP 7.4.Luckily for PHP teams, Zend offers both migration support and long-term support for their EOL PHP. Get LTS and Migration Services for Your PHP 7.4 Deployments Start planning your migration and support strategy for your PHP 7.4 application with help from Zend. Visit our LTS and migration services pages today to learn more.See Our PHP LTS OptionsSee Our Migration ServicesAdditional Resources White Paper - The Hidden Costs of PHP UpgradesWhite Paper - Planning Your Next PHP MigrationCustomer Success Story - Sensational BrainResource Collection - PHP Versions: Performance, Security, and Feature ComparisonsOn-Demand Webinar - Preparing for PHP 8: New Features, Improvements, and DeprecationsOn-Demand Webinar - Exploring JIT Compilation in PHP 8Blog - How to Assess and Prevent PHP VulnerabilitiesBlog - Setting Your PHP 7.4 Migration StrategyBlog - Exploring the New PHP JIT CompilerBlog - How to Upgrade PHP Blog - PHP Migrations: When Is Migrating the Right Choice?Back to top