PHP released version 5.5.38 recently for their 5.5 branch. This effectively marks the end-of-life for PHP 5.5. Although they do leave the door open ever so slightly for future PHP 5.5 releases:

Note that according to our release schedule, PHP 5.5.38 is the last release of the PHP 5.5 branch. There may be additional release if we discover important security issues that warrant it, otherwise this release will be the final one in the PHP 5.5 branch.

What does this mean for us? Not a whole lot actually. We essentially skipped over PHP 5.5 as a default version and went straight from PHP 5.4 to PHP 5.6 as the default versions on our servers. This means that very few of our accounts are actually using PHP 5.5. For those that are using PHP 5.5 we aren’t going to change you immediately to PHP 5.6. Typically we try to offer a PHP version for a year after it’s last release, meaning that we would continue to offer PHP 5.5 through July 2017. I have not looked specifically at the numbers, but there are just very, very few of our accounts that using PHP 5.5. We’re probably not going to install PHP 5.5 on any server that doesn’t already have it. But if you are using PHP 5.5 you are safe likely for another year (an unpatched security hole in PHP 5.5 may change our timetable). But if you are using PHP 5.5, now would be a good time to start thinking about upgrading your scripts and systems to ones that support PHP 5.6 or perhaps higher.

This brings us to our current PHP offerings and schedule. Currently PHP is supporting PHP version 5.6 and PHP version 7.0. PHP 7.1 is in beta and may get a public release in the not to distant future. PHP 5.6 won’t go end-of-life until December 31, 2018. PHP 7.0 won’t go end-of-life until December 3, 2018. We aren’t currently offering PHP 7.0, mainly because Ioncube and Zend do not yet have encoder support for PHP 7. Adding PHP 7.0 support is on our list of server todos.

Because of the success we had with skipping PHP 5.5 as a default version, we are considering doing the same thing with PHP 7.0. PHP 5.6 still has a lifetime of over 2 years remaining. PHP 7.1 will probably be here before the end of 2016. It really just depends on how things go, but it’s looking like we will skip PHP 7.0 as a default version and go straight to PHP 7.1 as the default version successor to PHP 5.6. Like PHP 5.5 we will offer PHP 7.0, just not as a default version. When will we make a default PHP change? Not before Ioncube and Zend release loaders for PHP 7 or PHP 7.1.

None of this is really written in stone at this point, but this is our current line of thinking. It really depends on how adoption of PHP 7.0 and PHP 7.1 goes from the standpoint of script developers. Right now, adoption of PHP 7.0 is slow – again this may be because of the lack of Ioncube and Zendguard support. It may be that adoption of PHP 7.0 and PHP 7.1 remains low, allowing us to extend PHP 5.6 even longer until PHP 7.2 comes out. All of that just remains to be seen. But it is looking like we are going to skip PHP 7.0 as a default version.

Steven
AMS Support

At AMS Computer Services we always focus on customers first. And in that sense, we are always looking for ways we can better serve our customers. Are there things we could be doing better? Are there services or features that our customers would like to see added? What are the things we are doing well?

All of this requires communication and feedback from our customers. That’s why we have released our Customer Survey to get a better idea of what is important to you – the customer – and what we can do to serve you better.

We invite you to complete the Customer Survey. It is a very short survey and is completely anonymous. We just want to know what we can do to make sure your hosting experience at AMS Computer Services is the best it can be.

AMS Computer Services – Customer Survey

John
AMS Sales

WordPress has released version 4.5 of their WordPress product. Release notes for this update can be found on the WordPress website.

Among the changes in this release include formatting shortcuts, image resizing optimizations, and an update to jQuery.

The update to jQuery is showing to cause some problems with users who use outdated or abandoned themes or plugins. The update to jQuery version 1.12.3 disrupts the way some themes and plugins were performing tasks. These tasks were being performed incorrectly, it’s just that older versions of jQuery were still allowing these tasks to be performed incorrectly. jQuery version 1.12.3 puts a stop to this. The long and short of this is to make sure you are always using up-to-date and reputable (as in not abandoned) themes and plugins for your WordPress script. Reputable theme and plugin developers have kept their code up to date and stay in-tune with WordPress changes.

The upgrade to WordPress 4.5 is not mandatory – at least I don’t think so. As we have found out, WordPress tends to have a weird release system. If you ask them, they’ll tell you that WordPress 4.5 is THE version of WordPress. Yet, they will also continue to release security updates for WordPress 4.4, WordPress 4.3, WordPress 4.2… I’m really not sure how far back they go. Eventually they will stop releasing updates to these older versions of WordPress (or do they intend to support 100 versions of WordPress for years?) but they won’t say when that will happen. Again, as far as they are concerned WordPress 4.5 is THE version of WordPress … except for when they release updates to WordPress 4.4, 4.3, 4.2, etc. Bottom Line: If you are not upgrading to WordPress 4.5 now, I would encourage you to at least be making plans to upgrade to WordPress 4.5 sometime in the near future.

Kyle
AMS Support

I thought this was interesting.

As you may be aware the law firm Mossack Fonseca in Panama was recently hacked exposing quite a bit of customer data – the so called Panama Papers. While the actual root cause of this hack is still unknown some are speculating that this may have been done through known vulnerabilities in different outdated CMS software used on their website.

According to Wired the Mossack Fonseca website was using a 3 month old version of WordPress and nearly a 2.5 year old version of Drupal. Each of these versions are known to be susceptible to multiple vulnerabilities.

All of this serves to underscore the importance of keeping software – especially web facing software – up to date. If you don’t, you may just find yourself being a victim of a hack or compromise, much like Mossack Fonseca.

At AMS Computer Services we try to do our best to inform our users of when a new script update is available. We encourage users to sign up for announcements or mailing lists directly from the script developers so that you will know precisely when a new version is release.

• WordPress – WordPress Announcement Email list
• Joomla! – Joomla! Announcement RSS Feed
• Drupal – Drupal Security Twitter Account
• Magento – Magento Announcement Email list
• WHMCS – WHMCS Announcement RSS Feed

It is important to note that script developers can only do so much. If a script developer is not releasing security patches in a timely manner that is the fault of the script developer. But if a script developer is releasing security updates, but end-users are not installing those security updates, then there’s really nothing more that the script developer can do. It is up to the end-users – people that install these scripts – to be responsible for keeping them up to date.

Matt
AMS Support

Beginning on Tuesday September 22nd we will begin upgrading all of our servers to using PHP 5.6 by default. PHP 5.6 is the latest supported version of PHP from the PHP developers and making this change will allow us to continue to operate on a supported version of PHP.

We anticipate completing these changes across all of our servers around October 15th. Essentially this means that we will be switching servers to PHP 5.6 by default between September 22 and October 15 as time allows. Some days we may switch multiple servers, other days we may not switch any servers. This is just the operating window we are looking at.

Our servers currently run PHP 5.4 by default. PHP 5.4 technically went end-of-life on September 3, 2015 meaning that it is no longer supported. Our intention isn’t to fully drop support for PHP 5.4 yet, but the move to PHP 5.6 will allow us to wean customers off of an unsupported version of PHP 5.4. PHP 5.4 support will continue to be available, at least through the end of 2015 and perhaps longer. We’ll just have to see how the adoption of PHP 5.6 carries on.

We will also be running PHP 5.5 on our servers, but we are skipping ahead and going straight to PHP 5.6 by default.

If you need PHP 5.4 or PHP 5.5 on your account, just shoot us a support ticket and we’ll be happy to switch your account over to either PHP 5.4 or PHP 5.5.

What does this change mean for me?
For the most part, you likely won’t notice any changes from upgrading to PHP 5.6 from PHP 5.6. People who develop web applications like WordPress, Joomla!, and Drupal have known about PHP 5.4’s death for some time and have released updated code to act accordingly. Reputable programmers who write plugins, components, and themes for these web application have also known about this and have long ago updated their code. So as long as you are running up to date scripts and plugins/themes/components you won’t notice any changes.

If you are a PHP programmer yourself and have custom written all of your code, then you have likely stayed in the loop regarding PHP’s versions and are aware of PHP 5.4’s death. You have probably update all of your code to facilitate these changes.

For those that want a more in-depth look at this, a list of deprecated function in PHP 5.5 include:

http://php.net/manual/en/migration55.deprecated.php
ext/mysql
preg_replace() /e modifier
datefmt_set_timezone_id()
datefmt_set_timezone()
mcrypt_cbc()
mcrypt_cfb()
mcrypt_ecb()
mcrypt_ofb()

Deprecated functions in PHP 5.6:

http://php.net/manual/en/migration56.deprecated.php
always_populate_raw_post_data
iconv.input_encoding
iconv.output_encoding
iconv.internal_encoding
mbstring.http_input
mbstring.http_output
mbstring.internal_encoding

Steven