{
    "slug": "php_eol_schedule",
    "term": "PHP End-of-Life Schedule & Security Implications",
    "category": "php",
    "difficulty": "beginner",
    "short": "Each PHP minor version receives active support for 2 years and security-only fixes for 1 more year — running an EOL PHP version means no patches for discovered vulnerabilities.",
    "long": "The PHP release cycle: each new minor version gets 2 years of active support with bug fixes and security patches, followed by 1 year of security-only support, then end-of-life. After EOL, when a CVE is discovered for that PHP version, no patch will be released. The attacker knows which version you are running via X-Powered-By header or phpinfo(), knows the CVE exists, and can exploit it with a public PoC. The PHP EOL schedule is published at https://www.php.net/supported-versions.php.",
    "aliases": [
        "PHP EOL",
        "PHP end of life",
        "PHP support lifecycle"
    ],
    "tags": [
        "php-version",
        "security",
        "eol",
        "version-history"
    ],
    "misconception": "An EOL PHP version is safe if there are no known exploits — new CVEs are discovered constantly; EOL versions accumulate unpatched vulnerabilities over time.",
    "why_it_matters": "Running EOL PHP is a PCI-DSS compliance violation and a clear security risk — a single CVE in an EOL version can compromise the entire server.",
    "common_mistakes": [
        "Running PHP 5.6 or 7.x years after EOL with no upgrade plan",
        "Assuming shared hosting will notify you when PHP goes EOL",
        "Not testing against the latest PHP version proactively"
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "php7_performance_leap",
        "deprecated_functions",
        "rector_automated"
    ],
    "prerequisites": [
        "composer",
        "rector_automated"
    ],
    "refs": [
        "https://www.php.net/supported-versions.php"
    ],
    "bad_code": "# Running PHP 7.4 (EOL Dec 2022) in production — no security patches:\n# php --version\n# PHP 7.4.33 (cli)",
    "good_code": "# Check EOL status: php.net/supported-versions\n# Upgrade path: 7.4 → 8.1 → 8.3\n# php --version\n# PHP 8.3.x (cli) — Active support until Nov 2026",
    "quick_fix": "Check your PHP version with php -v, compare to php.net/supported-versions.php, and start a Rector upgrade if you are on an EOL version",
    "severity": "critical",
    "effort": "high",
    "created": "2026-03-22",
    "updated": "2026-03-23",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/php_eol_schedule",
        "html_url": "https://codeclaritylab.com/glossary/php_eol_schedule",
        "json_url": "https://codeclaritylab.com/glossary/php_eol_schedule.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[PHP End-of-Life Schedule & Security Implications](https://codeclaritylab.com/glossary/php_eol_schedule) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/php_eol_schedule"
            }
        }
    }
}