Long-term support for PHP 7.1 is now available.

Long-term support for PHP 5.4 ends September 2017. Ensure your applications are supported.

Need help migrating? Contact us to learn more about our PHP migration services.

Rogue Wave Software provides complete long-term support (LTS) and ongoing maintenance for the certified PHP runtime environment which is distributed as part of Zend Server. Support for each major PHP runtime version is provided for 5 years from initial Zend Server release on that version, extending more than 40 percent past than the 3-year support period provided by the open source PHP community. For instance, PHP 7.1 will continue to be supported by Rogue Wave until December 2021.

In addition to the extended support commitment, Rogue Wave Professional Services provides migration services, methodologies and guidance allowing customers to effectively modernize and migrate their applications to the latest PHP versions and take advantage of the new benefits introduced by the runtime environment.

This delivers our customers and partners a reliable, secure, and fully supported PHP application platform while allowing flexibility in managing production environments lifecycle. LTS for PHP and Zend Server allows IT organizations to efficiently define and plan their business-critical application development, production deployments, and migration strategies.

php long term support chart

Note: As of September 2017, PHP 5.4 (Zend Server 7.0) is no longer supported by Rogue Wave Software.

We highly recommend upgrading to PHP 7. Rogue Wave Software offers migration services that help countless customers upgrade to new versions of PHP with minimal efforts. Unlock the unprecedented performance boost that is more than twice as fast when compared to PHP 5.3. For IBM i customers interested in upgrading, Zend Server 9.1 with PHP 7.1 is now available.

For those of you not yet ready to make that jump, Rogue Wave offers support for PHP 5.6, via Zend Server 8.5, through the end of 2020.

Long-term support policy

Zend Server releases typically support multiple PHP runtime versions. In general, one yearly Zend Server release will be designated as a LTS version for a specific mature PHP major runtime version. Once such a Zend Server release has been defined, it serves as the long-term supported maintenance environment for that major PHP version (no additional Zend Server major releases will generally be planned for that PHP runtime version).

The support period for a given major PHP version begins with the first Zend Server release that includes it, typically available several months following the PHP version general availability (GA) release, having given it time to stabilize for production use. Over the 2-year lifespan of the PHP version, additional Zend Server releases may be made available that support that PHP version. Finally, the LTS release of Zend Server for that PHP version will be supported for at least an additional 3 years, completing a total of at least 5 years of support for the PHP runtime environment version. Long-term support is provided for production systems per the Zend Server production SLA subscription.

SLA Phase 1: Active releases support (2 years)

Start Date: GA of Zend Server containing the specific major PHP version

Active release support is provided per the product SLA tier and scope of support coverage. In the Active release support phase, the Zend team, at Rogue Wave, provides enhanced versions of the runtime on a periodic basis as well as full technical support. They'll deliver bug and security fixes for issues identified and qualified by the team with high severity on a continuous basis. While in this period, They'll also address specific customer requested bug fixes in PHP, Zend Server, or Zend Framework for Enterprise SLA accounts. During this support period, bug fixes, PHP runtime updates, and security fixes can be addressed in a new minor version or will be provided as a hotfix for the current and previous minor version.

SLA Phase 2: Long-term support (3 years)

Start Date: 24 months after the GA of Zend Server for a PHP major version for an additional 36 months

During the LTS period, the Zend team will continue to deliver critical bug fixes and security fixes for the defined LTS Zend Server and its PHP runtime version. During this period, updates are typically delivered for the LTS version. No new versions are planned or new functionality introduced for the LTS Zend Server and PHP version. For customers at the Enterprise SLA tier, the Zend team will deliver specifically requested customer critical bugs and security fixes for functionality issues and vulnerabilities significantly impacting the customer's applications. They'll make commercially reasonable efforts accordance with the customer's SLA to address such issues including in the PHP engine and supported PHP extensions. Customer specific requested fixes will be delivered if most cases as a private release upon customer request and typically replacing affected components. The Zend team may decide to release a public version in cases where a widespread severe problem is identified.

Extended support periods beyond the SLA

For older Zend Server and PHP runtime versions that fall outside the scope of the committed SLA tiers and long-term support durations, the Zend team can typically provide an extended period of support and fixes based on the specific version. Such extended period agreements are limited to Enterprise SLA subscriptions where the scope and extent of the support is defined in a customer specific Extended SLA agreement.

Security vulnerabilities policy

The Zend team provides security hot fixes for vulnerabilities qualified by Zend with high severity. Some of these issues may have been fixed but not yet released by the PHP open source maintenance processes while others are newly discovered security vulnerabilities that are not intended to be fixed in the open source PHP distribution. High severity security issues are in general remotely exploitable security vulnerabilities that pose a threat to the application execution or compromise its data. Local exploits are typically not considered severe threats. They may make exceptions to the extended support duration and scope in cases where certain conflicts or dependencies on external unsupported components arise.