PHP 7.3 is now security-fixes only

Published On16 Dec 2020

PHP 7.3, that was first release released on 2018 December 06, is no longer receiving active support from official PHP development team with the release of PHP 8.0.

PHP development team maintains active support for the two latest PHP versions, and the version only receives security support in case a security vulnerability is discovered.

With the release PHP 8.0, PHP 7.3 enters security-fixes-only state.

Thanks to PHP 7.3 Release Managers 🙏🏼

Christoph M. Becker (cmb) and Stanislav Malyshev (stas) are the release managers for PHP 7.3 branch. A huge thanks to their immense efforts. Both of them continue to actively contribute to PHP project.

PHP 7.3.26 Final Bug-Fix Release

Current latest PHP 7.3 version is 7.3.25. A final release PHP 7.3.26 will be released on 2021 January 07.

From this point, bug fixes will not be back-ported PHP 7.3.

PHP 7.3 Security Support

PHP development team provides security fix releases in case they are discovered for one year. Official PHP team support for PHP 7.3 ends on 2021 December 06.

PHP 7.3 will no longer receive security fixes from the official PHP development team after 2021 December 06.

From external vendors

Debian and Ubuntu both provide PHP as official sources, that might continue to bring security fixes even after the official EOL date.

  • Debian 10 (Buster) currently provides PHP 7.3, and its support from Debian will end on 2022 Jan 01. This loosely resembles the official PHP support date.
  • Ubuntu 18.04 (Bionic) currently provides PHP 7.2, and its support will end on 2028 April.
  • Ubuntu 20.04 (Focal) currently provides PHP 7.4, and its end-of-life date is yet to be announced.

Widely used software repositories maintained by Ondřej Surý (for Debian and Ubuntu) and Remi Collet (for Fedora, RHEL, and CentOS while it may last) will align with the official PHP releases, which means they will end their PHP 7.3 security fix support on same dates as official PHP releases.

PHP 7.3 Usage Statistics

PHP 7.3 is still widely used.

PHP 7.3 is however on a steady decline, as many projects target PHP 7.4 and 8.0 during their migrations.

Recent Articles on PHP.Watch

All ArticlesFeed 
How to fix `mysql_native_password` not loaded errors on MySQL 8.4

How to fix mysql_native_password not loaded errors on MySQL 8.4

How to fix the SQLSTATE[HY000] [1524] Plugin 'mysql_native_password' is not loaded errors caused in MySQL 8.4 no longer enabling the mysql_native_password plugin by default.
How to fix PHP Curl HTTPS Certificate Authority issues on Windows

How to fix PHP Curl HTTPS Certificate Authority issues on Windows

On Windows, HTTPS requests made with the Curl extension can fail because Curl has no root certificate list to validate the server certificates. This article discusses the secure and effective solutions, and highlights bad advice that can leave PHP applications insecure.
AEGIS Encryption with PHP Sodium Extension

AEGIS Encryption with PHP Sodium Extension

The Sodium extension in PHP 8.4 now supports AEGIS-128L and AEGIS256 Authenticated Encryption ciphers. They are significantly faster than AES-GCM and CHACHA20-POLY1305. This article benchmarks them and explains how to securely encrypt and decrypt data using AEGIS-128L and AEGIS256 on PHP.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.