Thread

I just saw in the changelog that Expression Engine now requires PHP 5.3.10 as a minimum version to work.

So people using CentOS and the native build PHP can’t use Expression Engine anymore?

CentOS 6 and Red Hat 6 does not ship with that PHP version. And no, its not insecure, because the default versions shipped with the operating systems are backported. This means, all the security fixes even available in major PHP versions are shipped by default each time you update the operating system and its not actually recommended to replace them.

I’m just wondering if this is a typo on part of Ellis Lab or indeed they just made all CentOS/RedHat servers incompatible by default with their software? I don’t think allot of people would be running Windows servers for PHP and MySQL both which are native to Linux.

It’s worth bearing in mind that PHP5.3.10 is nearly 3 years old, and PHP5.5x is the current version, with PHP6 on the horizon. I’d suggest that it’s CentOS and Red Hat that are a bit behind the times?

My primary web host uses CentOS6 with PHP5.4x as the default (and upgrade to PHP5.5x is imminent) so it can be done.

It’s worth bearing in mind that PHP5.3.10 is nearly 3 years old, and PHP5.5x is the current version, with PHP6 on the horizon. I’d suggest that it’s CentOS and Red Hat that are a bit behind the times?

My primary web host uses CentOS6 with PHP5.4x as the default (and upgrade to PHP5.5x is imminent) so it can be done.

They are not behind. Its called backporting, they ship releases, fixes without increasing the major version. Last time I checked Microsoft does not launch a new Windows systems every 3 years either.

The reason your hosts uses a newer PHP is because they probably use cPanel/Plesk or some other control panel designed for hosting, this control panels manage their own PHP versions from their own distribution, it does not come from the official linux distros or repositories.

80% of the worlds web sites run on Linux and most of them are CentOS or Red Hat so this is a huge problem. Unless Ellis Lab thinks all their clients use 10$ buck shared hosting plans…

I’m very sure there are allot of people that run websites in their own servers, not shared, and so they are using official Linux distros, in particular in business and enterprises sectors, they would be using something like cPanel at all, they would have their own managed server for PHP/MYSQL, and both MySQL, Apache and PHP come officially with the Linux distros and its not suggested to replace them from another distro since then you are actually insecure as they are not updated with the operating system packages anymore and you need to update them manually. This means you have to rebuild the code each time a new version comes out vs your servers, not only a major pain but insecure you can’t update them with a simple yum command anymore.

CentOS 7 is was just released a few weeks ago and they can’t expect everyone to have upgraded already in such a short notice since it requires a full OS wipe.

All major PHP software I know so far support PHP 5.2 or higher but always 5.2 as minimum for this reason. Because allot of Linux distros do not ship with higher versions. It will be a while, probably a couple of months until CentOS 7 is widely used.

Please notice again that default packages with Linux distributions like RHEL/CentOS are back ported, this means its they are patched and safe to use:

Security patches and bug fixes are backported into the shipped version. See here for details: http://www.redhat.com/advice/speaks_backport.html Simply reading a version number on a package or a banner from network scanning is not sufficient to indicate a vulnerability, in light of this approach. Most reputable vendors understand this, but some seem to not account for the upstream approach in their product’s reporting interface.

EL doesn’t really frequent these forums, so I am not sure who you are aiming your comments to. Ask them on Twitter and see their thoughts.

That said, EL is not the only CMS pushing the minimums. CMSMS is another one I use for smaller sites and they are beta testing their new release that is 5.4 minimum.  Craft is 5.3 minimum, though I suspect that may increase in the near future too. There are development and performance advantages that everyone wants to take advantage of, it’s not just about security.

A quick search on Google shows it is possible to update, many people have, whether via yum or remi repository.