Support for PHP 5.6.x Ends in 2 Months, Millions of Websites at Risk

Did you know that nearly 80% of all websites run on PHP? More particularly, “PHP is used by 78.9% of all the websites whose server-side programming language we know”, as revealed by W3Techs statistics. This fact alone makes PHP security a very crucial matter, and when you add the fact that support for PHP 5.6.x ends at the end of this year, the security matter becomes critical.

Support for PHP 5.6.x to End on December 31, 2018

In other words, after December 31, 2018, millions of websites will stop receiving security updates for their servers, and hence the PHP ecosystem will be exposed to a variety of security dangers. History shows that it won’t take long for attackers to locate a security flaw in PHP and exploit it against vulnerable websites, researchers generally warn.

According to Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise, it is highly likely that “any major, mass-exploitable flaw in PHP 5.6 would also affect the newer versions of PHP”.

It should be noted that PHP 7.2 will get a patch from the PHP team, for free, in a timely manner. As for PHP 5.6, it will only get one if paid support from the OS vendor is at place.

“If anyone finds themselves running PHP 5 after the end of the year, ask yourself: Do you feel lucky? Because I sure wouldn’t,” Arciszewski added in a conversation with ZDNet.

Security researchers have been referring to this as a “ticking PHP time bomb”, and they have the absolute right to do so. Interested parties have been aware of this time limit for quite some time. Since PHP 5.6 was considered the most deployed version of PHP in 2017, (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: