Opened 3 months ago

Closed 3 months ago

#14235 closed Feature/Enhancement Request (fixed)

make php 7.1 and 7.2 available on moshes

Reported by: Owned by:
Priority: Medium Component: Tech
Keywords: php7.1 php7.2 Cc:
Sensitive: no


Debian is not packaging 7.1 at all and 7.2 is only available in testing. I can't find any documentation on plans in debian for packaging these versions. So, I think our best option is to pull in packages from

I think we'll need to formalize the selection of the PHP version in the control panel (instead of using the # mfplphpmversion: 5 tag).

We can set all existing sites to php7.0 and then make the default for new sites: most recent version available. Then we can start moving people to php7.2 without disrupting existing sites.

Change History (9)

comment:1 Changed 3 months ago by

  • Owner set to
  • Status changed from new to assigned

comment:2 Changed 3 months ago by

First phase is done. Now, selection of php via the control panel is moved into a field so our members can select it themselves.

comment:3 Changed 3 months ago by

Second phase is down. I've added sury repos and php7.1 and 7.2 to puppet and pushed to octavia and chavez and dorothy. Unfortunately I can't seem to get my puppet dependency to make this happen on one go, so freepuppet-run has to run twice. The first time it sets the new repos, the second time it installs the new packages.

I also tested with on octavia and it seems to be working.

Assuming we get no problem reports on chavez or dorothy today or tomorrow I will plan to push this out to all server tuesday evening and update the control panel to expose the choice of 7.1 and 7.2 for all sites.

comment:4 Changed 3 months ago by

why do we want 7.1 and 7.2? this issue report doesn't point to a reason for the change.

PHP's supported versions lists the upcoming end of security support for version 7.0, but debian's security team typically offers support for packages in stable even when upstream has dropped the package. (i don't know whether that will be the case for PHP 7.0).

In any case, if we decide that 7.0 is unacceptable, why add both 7.1 and 7.2? why not just add 7.2 ?

Last edited 3 months ago by (previous) (diff)

comment:5 Changed 3 months ago by

I forgot to add the user requested tickets - #14233 and #14232. The main reason for going beyond 7.0 is to avoid difficult application upgrade problems. Since php7.0 is coming to an end, many php applications are targeting newer versions and users are trying to keep up with those requirements.

php7.2 made a big change by dropping mcrypt support which causes problems for CiviCRM (see also this civicrm issue). This is certainly a CiviCRM specific issue but we have a lot of members using CiviCRM.

An alternative to installing php 7.1 would be to follow these instructions to compile mcrypt ourselves, but I would rather support php7.1 than maintain that step.

comment:6 Changed 3 months ago by

thanks for the background pointers, jamie :) what a mess with mcrypt and civicrm :(

comment:7 Changed 3 months ago by

Yes, what a mess.

After reading your comment, I realized one option would be to keep CiviCRM users on 7.0, which is fully supported by CiviCRM. I'm not sure what advantage CiviCRM users have to move from 7.0 to 7.1 (the member who made the request simply says they don't want to be a officially un-supported php package, but I agree that debian has typically been pretty good about backporting all security fixes).

As I'm looking at it now in light of this conversation...the main problem with php 7.1 is that come December 1st, it will neither be supported by the Debian security team or the upstream PHP developers. Not a great situation for us. I'll follow up on #14232 to gain clarity on that request.

Last edited 3 months ago by (previous) (diff)

comment:8 Changed 3 months ago by

Oh - tadpole pointed out that I mis-read the end of life for php7.1 - there is another year of upstream security patches. So, I'm going to make it available, but will keep php7.0 as the default. I suspect most members will stay on 7.0 and we will keep the debian stable version the default to minimize transitions.

For people who choose a non-default version, I will include in the control panel and clear note indicating that they will be automatically transitioned to newer versions as their version falls out of upstream maintenance.

comment:9 Changed 3 months ago by

  • Resolution set to fixed
  • Status changed from assigned to closed

Completed. php7.1 and php7.2 are now available on all moshes. In the control panel, the choice is available when you edit your web config, it's the 2nd to last option in the advanced settings.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.