cPanel & WHM Version 80 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
 

Allow to install PHP 5.3 in Easy Apache 4 with the understanding that these versions are not secure.

kdean shared this idea 3 years ago
Not Planned

The whole point of Multi-PHP was to be able to offer both new and older releases of PHP. cPanel staff had stated "We plan to offer PHP 5.2 and PHP 5.3 soon." 4 months ago in https://features.cpanel.net/topic/allow-to-install-multiple-php-5x-versions but have recentlly back-peddled and stated "cPanel has no plans to offer PHP 5.3 at this time." and then locked comments on that request even though PHP 5.3 had been discussed numerous times as a needed option.

Please make it a priority to add PHP 5.3 as your customers have been requests for months.

Best Answer
photo

Hi all! At this time we are still not planning to add support for end-of-life versions of PHP, but CloudLinux does offer that support. Currently it's unclear how CloudLinux multi-php will work with EA4's implementation of multi-php, but we're hoping that question will be answered by the end of summer. You can read a bit more about that here.


https://www.cloudlinux.com/view-all/entry/beta-easyapache-4-released-for-cloudlinux


While I encourage anyone who would still like to see this request to continue to add their vote, I'm going to go ahead and lock comments on this request at this point. From what I can see we have gotten all of the feedback we need, and will continue the discussion internally. If you have more information to provide, or have any questions, feel free to shoot me an email!

Comments (26)

photo
2

I beg to disagree with the last comment on the previous feature which lead to the topic being closed. This is actually the only reason to have support for multiple PHP versions, supporting legacy websites...


The initial request demonstrated clearly the use case:

"Example: clients should be able to choose 5.2.11, 5.3 or 5.4.PHP 5.3 break several old scripts, and some server owners can't afford to setup a server for websites running PHP 5.2.x and another for 5.4.x."


I asked specifically for that question and was give the answer that they planned on supporting php 5.2 and 5.3 soon.


It's a shame half-baked feature gets marked as closed loosing all the "i like this idea" and ppl following that feature request, at least for EA3 they made a compatibility package that one could install at own risk after they discontinued support for php 5.2.


Well I sincerely hope CPanel reconsiders this.

photo
2

Yeah, it's frustrating that they felt the need to close comments on the previous request to stifle the discussion that existed throughout that request regarding older PHP versions. We can't even post a comment there to point people to the new request. Just a bad, poor thought out, possibly aggressive more on cPanel's part to get us to go away.... well we're not going away and we're still going to ask for at least PHP 5.3 like we've been asking for since the beginning.

photo
1

Thanks for opening this new feature! We didn't close the MultiPHP feature to stifle discussion, that feature was completed and there was nothing new to discuss. The only conversatinos were requesting a new feature of PHP 5.3, which is why I asked for a new request to be opened. Thanks!

photo
2

Problem with that is PHP 5.2 and 5.3 were in the original request and discussed throughout that you marked as "completed" (although it needs a full GUI). Setting it to complete and wanting a new request is fine in the end, but you didn't need to close the comments as well. At least post a final comment there pointing people here that are interested parties since it's not very easy to promote requests and there's a lot of interested parties there.

photo
2

CloudLinux is offering older security patched versions of PHP here: https://www.cloudlinux.com/benefits/multiple-php-versions.php The cPanel team who worked on Multi-PHP has worked with CloudLinux to ensure this functionality remains compatible in newer versions of cPanel.


Its unlikely that we would be able to build enough support to fund and maintain the security of older versions of PHP beyond what PHP is able to do themselves. If this is something that is important to you, please consider supporting CloudLinux's effort by buying their software. Also, I suggest making clear that that is the reason you are buying their software to ensure they are able to continue funding their multi-php project.

photo
1

I guess most people that are requesting this feature, would be happy if cpanel provided a last version as it is like in https://documentation.cpanel.net/display/EA/Custom+Modules.


If the objective was to use/buy cloudlinux, then multiplephp wouldn't be needed, as cloudlinux already offered it...

photo
1

Hi Manual,


The primary impediment to doing this is that we would not be able to provide a secure version. I have adjusted the feature request to make it clear that if this were to be implemented, it would not be secure. If this feature request is able to gain support with that understanding, we will discuss moving this forward.

photo
1

I would like to use CloudLinux, but my host says it's only available for dedicated servers and not cloud servers. Not an option for me at this time. Hope cpanel gets 5.3 support.

photo
1

@Domain Hero - you can run cloudlinux on any server, whether virtualized/VPS or bare metal. Just need to be able to roll the CL repos and kernel on top, so things that use shared kernel like OpenVZ on a host machine "above your reach" might be out of the scope.....perhaps that's what the host meant. However with KVM and friends it works great.

photo
1

@dhaupin , I really can't run CloudLinux on any server, since my host says flat out I'm not allowed. They only allow it on dedicated servers and not their cloud servers. While the easy answer is to say try another host. I've used over a dozen hosts and am not changing because I love my current host's cloud setup and pricing.

photo
1

No one is asking you to maintain the security of older versions. Just supply it as is like EA3 does. To just immediately set this to "Not Planned" is a huge slap in the face to people who believed what you said months ago that PHP 5.3 was coming after the GUI was completed. So you basically lied or just arbitrarily changed your mind with no respect to the people that asked for Multiple PHP 5 versions in the first place.


We shouldn't have to pay addition money to cloud linux just to cover what cPanel was supposed to in the first place.


Please remove the "Not Planned" status and stop going back on what you said in the past and just make the last version of PHP 5.3 available as you're being requested to do since before you even started the Multiple PHP feature.


It boggles my mind on how cPanel doesn't seem to get why people asked for this feature in the first place. It just smacks as pure lazinous on cPanel's part.

photo
1

Hi,


The primary reason we haven't done this is that it's not secure, and offering this to your customers is dangerous and has a very high probablity of hacks and vulnerabilites being exploited in your customers systems, thus causing higher overhead by staff for fixing and assisting. This is why we'd prefer users who are using old PHP versions to use CloudLinux hardened PHP, as it's decently secure.

photo
1

Sure, using PHP 5.3 is only a compatibility requirement for some of my old accounts who don't have a software upgrade path to fix that without changing their site to completely new software which can take a very long time... meanwhile the entire server is stuck at 5.3 because of only a handful of accounts. So entire server running 5.3 security vs only a few accounts running 5.3 security and the rest better. Wouldn't you want at least the latter?


Since I've been running 5.3 as offered now without any major issues so far, I have no problem continuing to do so for those accounts until they go away or upgrade. The rest of my accounts will be upgraded to more recent versions. You could make it so EOL versions are not shown in the cPanel front-end unless that account is currently running that version (which is where I would start my EA4 experience, with everyone on 5.3, and then move the compatible accounts upward.)

photo
1

The exact title of the last feature request was "Allow to install multiple PHP 5.x versions", it was not "Allow to only install PHP 5.4 & 5.5 versions". It is so ridiculous it was marked completed when it was not what people asked for.

photo
1

...and even more ridiculous that we were directed to create a new request that was immediately set to "Not Planned." What was the point of that other than further aggravating the situation. Get your head out of the sand cPanel.

photo
1

Thanks for changing the status. This is a very important issue that I and others have spent the last year+ waiting to happen based on past assurances from cPanel staff that it was going to happen.

photo
1

I posted a forum thread to help draw attention to this problem. https://forums.cpanel.net/threads/if-you-want-php-5-3-in-easy-apache-4-vote-now.514561/

photo
1

PHP 5.3 went end-of-life in August 2014.


What scripts are still depending on PHP 5.3? Those script developers haven't updated their code to work with a current version of PHP (which doesn't even include PHP 5.4 - which went end-of-life September 2015). Too difficult and too time consuming to update the script's code to work with a current PHP version? That says a lot about where that developer's true concerns are at.


Allowing PHP 5.3 to be run is just asking for trouble. It's telling your customers that you don't care about security and that you are perfectly fine with allowing scripts that can be compromised and cause for abuse on your server.


This same argument can also be made with PHP 5.4, but I'm willing to give PHP 5.4 some leeway since its just been 3 months since it went end-of-life.


Don't like this constant changing PHP environment? Take this discussion up with the PHP developers and tell them you want an LTS for PHP with a much longer lifetime.

photo
1

If it was just some script then it could be replaced. For example I'm talking about a full site that runs Digishop, an application framework that no longer exists and cannot be updated. So they need to change to a new site which they say they're planning on doing but it's been well over a year without that happening. PHP 5.3 hasn't been the security nightmare some here seem to believe. Not everything is a perfect world of clients keeping their sites up-to-date and developers staying on top of things. Just because something goes EOL doesn't immediately make it a problem that no one should ever have installed.


Also, no one here is complaining about a constant changing PHP envronment. I would love to push later versions out to my clients but I'm unwilling to arbitrarily just break their sites and say Oh Well. That's not how you keep clients.

photo
1

So they've been planning to redo their site with a different framework but haven't "found time" yet? And 10 years from now, if you're still providing them PHP 5.3, how much you want to bet that they still haven't "found time" to update their site?


You know, if I don't pay my rent because I haven't "found time" to get a job, my landlord is eventually going to kick me out. Which person is crazy? Me for not paying my rent? Or the landlord for kicking me out?


It's really not so much a security issue with end-of-life software. It's more the fact that security issues aren't going to be disclosed for end-of-life software. You can submit security issues to php.net for PHP 5.3 until you're blue in the face, they don't care. To them, PHP 5.3 is dead, nobody should be using PHP 5.3 anyway.


Further to all of this, nothing is stopping you from compiling PHP 5.3 on your own and allowing it's use on your servers. I just don't think it's cPanel's duty to provide this. If it wasn't EOL, that'd be a different story. But if you want cPanel to provide EOL software and PHP versions, why stop at PHP 5.3? Why not PHP 3.0.18?

photo
1

I'm sorry this is affecting you so strongly. The original request for Multiple installs of PHP 5.x were for this specific reason so you could keep around 5.3 where you had to and let other account move up to 5.4 and later... problem is it tooks cPanel 3 years to complete and the landscape of versions has expanded but didn't eliminate the original issue. No one is being silly and asking for PHP 3, so stop trying to make it seem like it's a crazy request by equating it as the same thing. EA3 allows PHP 5.3 installs and so should EA4 for the smoothest transition.


It also doesn't help that cPanel has been leading people to believe that 5.3 was coming after the final EA4 version was ready... and now at the last moment right when they finish they pop in and say, nope we're not going to do that afterall. That's just rude on their part and makes it look like they have just been lying to us to keep us quiet until it was maybe too late to do anythng about it. That kind of treatment just pisses me off.

photo
1

We also have 1 tiny backoffice platform that requires php 5.3 -- its not really public facing, its password protected, we understand the "risks". Currently we use Cloudlinux for this...but one question i have that remains un-answered (i have asked 3 times in the other feature request).


Does cPanel multi-PHP conflict in any way with the Cloudlinux (6.6+) multi-PHP? And where are the src's stored for the multi versions in regards to the cPanel version of this functionality? Do they use the same locations/modules/etc as Cloudlinux multi-php or must we make yet another stack of versions/modules? Is there anything people need to know if they are already running Cloudlinux so that worlds don't collide in funky ways? Thanks!

photo
1

Update your site to run with newer versions of PHP. Highly unlikely cPanel will implement support for an unsupported/end of life version.

photo
1

cPanel, has any further thought been given to making PHP 5.3 available?

photo
1

Very disappointing that cpanel do not offer multiple versions of php including php 5.3. Been waiting a while after been told it was coming. Now we need to upgrade the server and noticed Plesk can do it, and cpanel can't . Basically as we have over 70 sites and some website owners do not want to pay to upgrade from php 5.3 when their sites have been running for years without any security issues coming to light. If I force them to change they will go elsewhere. Just the way it is in the real world.

photo
1

Hi all! At this time we are still not planning to add support for end-of-life versions of PHP, but CloudLinux does offer that support. Currently it's unclear how CloudLinux multi-php will work with EA4's implementation of multi-php, but we're hoping that question will be answered by the end of summer. You can read a bit more about that here.


https://www.cloudlinux.com/view-all/entry/beta-easyapache-4-released-for-cloudlinux


While I encourage anyone who would still like to see this request to continue to add their vote, I'm going to go ahead and lock comments on this request at this point. From what I can see we have gotten all of the feedback we need, and will continue the discussion internally. If you have more information to provide, or have any questions, feel free to shoot me an email!

Comments have been locked on this page!