10

Ubuntu 20.04 reaches end of standard support in April 2025 and so has some life left in it yet. At present (Sept 2022), Ubuntu provides php 7.4 as the default php package for Ubuntu 20.04 and doesn't provide any php8.0 or php8.1 packages. php itself will only provide security support for php 7.4 until 28 November 2022, although Ubuntu may choose to provide security support beyond that date.

To aid planning, is someone able to say:

  1. when Ubuntu will cease to provide security support for php 7.4,
  2. if and when php 8.0 or 8.1 packages will become selectable alongside php 7.4, and
  3. when php 7.4 will be dropped completely in favour of php 8.x

on Ubuntu 20.04?

Thanks.

Fred
  • 101
  • 1
    Additional background info: Version bumps are rare, but did already happen in 20.04 for php from 7.3 to 7.4 (see https://discourse.ubuntu.com/t/php-7-4-in-focal/15000). So this does not seen a duplicate of the common version-bump questions. – user535733 Sep 29 '22 at 13:49

1 Answers1

12

Never going to happen unless you do it yourself. 20.04 will stick to 7.4 with security updates. From StableReleaseUpdates:

Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure called a "stable release update" or SRU.

Users of the official release, in contrast, expect a high degree of stability. They use their Ubuntu system for their day-to-day work, and problems they experience with it can be extremely disruptive. Many of them are less experienced with Ubuntu and with Linux, and expect a reliable system which does not require their intervention.

Stable release updates are automatically recommended to a very large number of users, and so it is critically important to treat them with great caution. Therefore, when updates are proposed, they must be accompanied by a strong rationale and present a low risk of regressions.

"It's just a one-line change!"

Even the simplest of changes can cause unexpected regressions due to lurking problems:

...

High-impact bugs

Stable release updates will, in general, only be issued in order to fix high-impact bugs. Examples of such bugs include:

...

See the link for more on this.

The packages list shows:

bionic (18.04LTS) (php): 1:7.2+60ubuntu1: all
focal (20.04LTS) (php): 2:7.4+75: all
impish (21.10) (php): 2:8.0+82~0build1: all
jammy (22.04LTS) (php): 2:8.1+92ubuntu1: all
kinetic (php): 2:8.1+92ubuntu1: all

The version is shown behind the : so for 8.0 you need at least 22.04 (assuming LTS only)

You can install php8 yourself if you really want it but I would advice upgrading to 22.04.

If you want to be independent of php used in Ubuntu you can also install a tarball in /opt and have that migrate through different versions (you can have a setup like /opt/php/, /opt/php-7.4. /opt/php-8.1/ where /opt/php/ and put a symlink in /usr/bin/ that points to /opt/php and that one holds a symlink to the active php version in the 2 other directories.

Rinzwind
  • 310,127
  • +1 Migrating to 22.04 should be safer and easier for most folks than fiddling with PPAs or upstream repos or hoping-for-a-verion-bump or other methods. – user535733 Sep 29 '22 at 14:07
  • Most of this is not relevant to the question I asked. I don't want to install php myself. Have you got a source/evidence for the two claims "Never going to happen unless you do it yourself" and "20.04 will stick to 7.4 with security updates"? I guessed and hoped that that would be the case when I asked the question, but is there any official documented plan? The two things I want to avoid are a) 7.4 being dropped without being prepared for it and b) security support for 7.x being ceased. As @user535733 notes, version bumps do happen. – Fred Sep 29 '22 at 15:36
  • An assumption is being made in the responses that I want to update to 8.x. I don't. I want to know how long I can stick safely on 7.x for. – Fred Sep 29 '22 at 15:40
  • @Fred The second sentence of this answer ("20.04 will stick to 7.4 with security updates") seems seems to directly and exactly address that questions that you asked. – user535733 Sep 29 '22 at 15:45
  • @user535733 Yes, it does address the question. I am not meaning to be rude, but why should I believe Rinzwind when they say that? How does Rinzwind know? I was hoping for something more concrete than an unsupported statement. Perhaps I'm not asking this question in the right place. – Fred Sep 29 '22 at 16:13
  • @Fred 30+ years of experience ;-) is this better? – Rinzwind Sep 29 '22 at 16:46
  • 5
    @Fred I'm a member of the Ubuntu Server Team as a volunteer, and a member of the Ubuntu Core Dev team, and I can affirm that Rinzwind's answer is the canonical answer from the Server Team and Ubuntu Release Teams about whether we're version-bumping PHP on an already stable release. In case you want stronger affirmation by someone who regularly does Ubuntu development with the hats to back them up. – Thomas Ward Sep 29 '22 at 16:48
  • @ThomasWard is there documentation I can read the explains how Ubuntu plans to keep up with security updates for PHP 7.4 on for 20.04 after PHP itself drops support for it? – Lester Peabody Sep 29 '22 at 18:50
  • 3
    @LesterPeabody the Security team will likely backport out of band patches in for the unsupported PHP versions themselves, thereby adapting patches where they need to, and enlisting other Canonical PHP/Server developers to assist where needed. Exact documentation beyond that statement is nonexistent. – Thomas Ward Sep 29 '22 at 19:15
  • Unless php maintainers come with 1 big security patch that essentially turns 7.4 into 8.0 I doubt that after 2025 (7.4 ends end of 2024 iirc) or so the 5 years 20.04 is still around anything will get backported. The advice from Canonical will be to install 24.04. – Rinzwind Sep 29 '22 at 19:19
  • Ondřej Surý's Ubuntu PPA says "Only Supported Versions of PHP for Supported Ubuntu Releases are provided". It means no support for 7.4 beyond 28 Nov 2022. Beyond that Ubuntu would need to pay for or provide support itself. PHP 8.x (now 8.1.x) is a major development on 7.4, so backporting may require significant effort or may not always be possible, and there will be security issues in 7.4 to deal with too. So, happy with @ThomasWard's conviction, but I'd be surprised if support could be continued to Apr 2025! – Fred Oct 03 '22 at 11:11
  • 1
    Is there a communication channel that we can follow to get advance warning of associated developments or changes in Ubuntu support for PHP on Ubuntu 20.04? Thanks. – Fred Oct 03 '22 at 11:12
  • 1
    @Fred PPA is not Ubuntu. That's Ondrej's support of older PHP on older Ubuntu releases. Unfortunately that is not an indicator of Ubuntu's Security Team's effort. Ondrej Sury is not part of the Ubuntu Security Team – Thomas Ward Oct 03 '22 at 14:40
  • 2
    @Fred no, "advance warning" of updates are not announced they just happen. Same with security patches. Changes for PHP versions per release and what version of PHP is in each release are in each Ubuntu release's release notes. – Thomas Ward Oct 03 '22 at 14:41
  • The impact for php will be a lot less than when we went from python2 to python3. It is already possible to switch to 8+ so I doubt there will be big issues. Oh and mind the "IMPORTANT: The -backports is now required on older Ubuntu releases." so there are older versions available Just that those never will get updates (of any kind) – Rinzwind Oct 03 '22 at 16:38