Bug 203552

Summary: lang/php5 : php 5.4 has reached EOL (no more security updates) please deprecate for removal
Product: Ports & Packages Reporter: John Marino <marino>
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Only Me CC: feld, gasol.wu, lukasz
Priority: --- Flags: bugzilla: maintainer-feedback? (ale)
Version: Latest   
Hardware: Any   
OS: Any   

Description John Marino freebsd_committer freebsd_triage 2015-10-05 12:24:59 UTC 
According to http://php.net/supported-versions.php :

Active support for php 5.4 ended 14 Sep 2014
Security updates for php 5.4 ended 14 Sep 2015 

As of writing, that was 21 days ago.

The PHP developers categorize PHP 5.4 as "End of Life" which is defined as "A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities."

I suggest immediate deprecation with expiration date set for early 2016 (e.g. Jan 15 or Feb 1)
Comment 1 John Marino freebsd_committer freebsd_triage 2015-10-14 09:20:15 UTC 
Adding feld@ to get the attention of somebody on the security team since PR has no response so far.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-10-14 20:04:49 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 14 20:04:44 UTC 2015
New revision: 399292
URL: https://svnweb.freebsd.org/changeset/ports/399292

Log:
  lang/php5 mark as deprecated

  PHP 5.4 has reached End of Life status

  PR:		203552

Changes:
  head/lang/php5/Makefile