New version requiring PHP 7.4

  • Resolved Webteam

    (@webteambd)


    2 years, 7 months ago

    We’re using version 7.3.1. Version 7.3.2. fixes a problem with the security of the plugin. We’d like to install the new version, however, we’re still using PHP v7.3.1 and aren’t able to upgrade this.

    Questions we’d like to have answered:
    1. Is it okay if we’re still using v7.3 without anything breaking/functions are working properly?
    2. Are the functions from PHP v7.4 used to fix vulnerabilities so that we’re forced to upgrade to v7.4 to be safe?
    3. Could you guys make a patch for v7.3?
    4. Are the security issues also applied to our sites and if so, could we risk potential harm with for example our site: website.belastingdienst.nl/ondersteuning? (We’re using the plugin on this site)

    Thanks for the assistance in advance!

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Webteam

    (@webteambd)

    2 years, 7 months ago

    Question 4 can be ignored as it isn’t something for 10up to be answered.

    Plugin Contributor Siddharth Thevaril

    (@nomnom99)

    2 years, 7 months ago

    Hi @webteambd

    Thanks for raising those questions. Answering them below:

    1. Is it okay if we’re still using v7.3 without anything breaking/functions are working properly?

    RSA 7.3.2 does not introduce any changes that would break on PHP 7.3. However, if you are planning to use RSA 7.3.2 on PHP 7.3 by modifying the PHP requirement in the plugin header, then as a good safety practice, please test it on a staging environment before you push it to live.

    2. Are the functions from PHP v7.4 used to fix vulnerabilities so that we’re forced to upgrade to v7.4 to be safe?

    The main reason to upgrade to 7.4 here is to officially support the minimum stable version of PHP. Whenever a PHP version reaches its end of life, we bump up the minimum supported version of PHP in our plugin, along with any changes required in the plugin to support the min PHP version.

    3. Could you guys make a patch for v7.3?

    As per the process we follow, I don’t think it is possible at the moment. I will still discuss this internally with the team.

    • This reply was modified 2 years, 7 months ago by Siddharth Thevaril. Reason: improve formatting
    Plugin Contributor Jeffrey Paul

    (@jeffpaul)

    2 years, 7 months ago

    @webteambd note that WordPress itself recommends PHP version 7.4 or greater and that PHP 7.3 hit end-of-life support back in 2021 (7.4 will end-of-life later this year after which point we’ll likely update our PHP minimum to 8.0). So I would recommend considering an environment update to PHP 7.4 (or better to 8.0) if that’s something that’s feasible. We are not intending to support PHP older than 7.4 (and soon 8.0).

    • This reply was modified 2 years, 7 months ago by Jeffrey Paul.
    Thread Starter Webteam

    (@webteambd)

    2 years, 7 months ago

    @jeffpaul Thank you for your answer. We’re using a version of PHP 7.3 that gets security fixes backported by a supplier. We realize that this is a very uncommon situation, and we’re hoping to upgrade to 8.x soon.

    For now, we’ll stick with the previous version of RSA.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘New version requiring PHP 7.4’ is closed to new replies.