PHP 7.0 with latest Debian 9.8 - is it security issue?

Discussion in 'ISPConfig 3 Priority Support' started by Honza, Feb 25, 2019.

  1. Honza

    Honza Member

    Hello Team,
    I have installed some time ago my server using your tutorial for The Perfect Server - Debian 9 (Stretch) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1 therefore I have PHP 7.0 installed but that is no longer supported:

    My assumptions is I no longer get any security updates for 7.0 even though it's "native" for my installation.

    With that in mind I have 2 questions:
    1) Are there any special considerations for moving on with installation of 7.1 and 7.2 using this tutorial?
    2) Should I keep the PHP 7.0 installed or is it recommended to remove it before I proceed with adding of the 7.1 and 7.2?

    Thank you for any insight on this.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Debian does backport security fixes to PHP 7.0. You can check changelogs to verify.
    For websites, additional PHP versions can be installed.
    You must keep PHP 7.0 installed and as default PHP. Otherwise ISPConfig breaks.
    There is. Each time an update to those PHP is published, you have to notice the publication and install the new version yourself.
  3. Honza

    Honza Member

    Thank you for quick feedback!

Share This Page