5

I notice that the latest PHP available on RHEL 6.5 is PHP 5.3.3. See Distrowatch and also my own check:

$ php -v
PHP 5.3.3 (cli) (built: Jul 15 2014 08:48:08)

However, the PHP website claims that this version is depreciated, and the 5.3 branch ended with 5.3.29 anyway, not the 5.3.3 as in RHEL 6.5.

Since the distro is supported by Red Hat, I assume that all the applications are security-maintained, but where can I find this information for certain? According to the Production Support Scope of Coverage "If we ship it, we ... Do not support ... Third-party software / Community projects". Is PHP considered third-party software or a community project for purposes of RHEL support?

I have examined the Red Hat Enterprise Linux Life Cycle and RHEL Top Support Policies documentation, but I have not found an answer. I actually don't have access to the RHEL support service in my current position with regards to this account, otherwise I would just ask Red Hat! However, I do feel that this information should be publicly available and would apply to any users of RHEL, hence I ask here.

dotancohen
  • 2,590
  • 2
  • 25
  • 39

2 Answers2

6

Yes, Red Hat backports security fixes and important bug fixes to all packages they offer in their repositories until the EOL of that particular RHEL version. New major features or drastic changes are not appearing in RHEL updates.

Janne Pikkarainen
  • 31,852
  • 4
  • 58
  • 81
  • Thank you Janne. Normally I would ask for an official link, but coming from you I'll accept that! – dotancohen Sep 30 '14 at 12:34
  • 1
    For the links, start here: https://access.redhat.com/support/policy/updates/errata/ – Janne Pikkarainen Sep 30 '14 at 12:36
  • Thank you Janne! I've actually read through that document (I even link to it in the OP). I'll take your word for it that 5.3.3 is patched security-wise, and if in your opinion that document proves it, that is good enough for me. Thank you! – dotancohen Sep 30 '14 at 13:14
  • @JannePikkarainen: how does CentOS's security support differ from Red Hat? Is there delay with patches? – pevik Dec 14 '15 at 17:29
3

If you are using the PHP that is included in the official Redhat packages, then it is supported. They go out of their way to avoid the - 'want a security fix, have these incompatible changes as well' problem. Looking at the the Redhat version number and comparing with upstream is unhelpful for security issues.

As it happens, the latest update for php53 was issued today.

richardb
  • 1,256
  • 9
  • 14