>2016
>Default php is 5.4
>Last update was precisely a year ago
>Php 5.4 EOL was 9 months ago
>Red Hat/Centos fanboys will defend this
Use redhat software collections or compile it yourself. Some packages move too fast for them to issue long term support. The same is true for Ubuntu LTS.
If your server had 5.2 and a yum update bumped it to 5.4 you might experience breaking changes. RHEL avoids breaking changes within the same major release. This is a good thing.
That's the point of LTS.
Upgrading PHP version might break your old php web.
Also, EOL upstream doesn't mean unpatched downstream.
Anyway, i use debian for servers as i don't maintain old stuff rigidly.
>>54882319
Ubuntu 14.04 was released around the same time as EL 7 and it's using php 5.5. Even ubuntu is better that RHEL.
>>54882463
>Also, EOL upstream doesn't mean unpatched downstream.
The last update to php54 was before EOL.
>>54882468
Ubuntu LTS are questionable quality, especially during initial release. They pick the latest and greatest, mark it as LTS and support it till EOL.
RHEL pick the most stable version at the time of release and continue till EOL.
>>54882487
RHEL maintain their own patch.
Check CVE for details.
>>54882487
If there's a bug, especially a security issue, Redhat will back port the patch. For example when heart bleed came out Redhat back ported the patches to the old versions of OpenSSL on RHEL 5 and 6.
>i have never actually been responsible for anything more than a free phpbb forum
I would be livid if RHEL suddenly decided it was going to a new php version which I have no idea how it will impact our software.
>>54882522
>>54882524
came here to post this. kys op
>>54882339
>Keeping non-maintained software and exposing paying customers to security vulnerabilities is a good thing
>>54882239
>muh minor versions
>>54882570
>exposing customers to security vuln
at least read the thread you retard.
>>54882522
>>54882524
>>54882524
It only even started to do that a week after debian.
>>54882551
>I have never had my workplace subjected to government audits
>>54882593
>taking what /g/ says at face value
https://www.cvedetails.com/cve/CVE-2015-5589/
https://access.redhat.com/security/cve/cve-2015-5589
>>54882682
But it costs money so it must be good.
>>54882570
>patches don't exist
>if it's not the latest version it's inherently swiss cheese
>>54882682
>can't be exploited remotely
>its success basically relies on pure PEBCAK
dumbshit hamsterposter
