Make sure we support the latest PHP versions and do not support PHP < 7.2

monero-integrations / monerophp

Monero PHP library + JsonRPC Client

MIT License

116 stars 76 forks source link

Make sure we support the latest PHP versions and do not support PHP < 7.2 #109

Closed cypherbits closed 3 years ago

cypherbits commented 4 years ago

imagen

trasherdk commented 4 years ago

This will leave users of Slackware 14.2 behind in the dust.

$ php --version
PHP 5.6.40 (cli) (built: Feb  7 2019 14:31:35) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
    with Xdebug v2.5.5, Copyright (c) 2002-2017, by Derick Rethans

cypherbits commented 4 years ago

That is the idea: security. 5.6 was discontinued more than 1 year ago and you could upgrade to 7.0 without code changes just for free performance benefits... Version 5.6 like the 7.x not supported have known security vulnerabilities. You MUST NOT use that.

trasherdk commented 4 years ago

Slackware packages are receiving security patches. And I will get notified about those.

Upgrading to 7.x, I would have to maintain a package myself, and not get notified, in case new vulnerabilities are discovered/disclosed.

CVE Security Vulnerabilities PHP 5.6.40 lists 3 different vulnerabilities, all of which is also among the 30+ vulnerabilities listed for 7.x versions.

Comparing the two, 5.6.40 looks a lot safer than 7.x