On Fri, Dec 6, 2013 at 10:53 AM, Zachary Burnham <[email protected]> wrote: > Will security problems with 2.2 be patched?
Yes -- we're not abandoning 2.2, we're just bumping the minimum required PHP version for 2.3 onwards. >> On Dec 6, 2013, at 11:49 AM, Matthew Weier O'Phinney <[email protected]> >> wrote: >> >> Hey, all -- >> >> I never closed this thread, but will do so now. >> >> ZF 2.3.0 WILL bump the version to at least 5.3.9; we may bump to the >> last 5.3 release version (5.3.27), as that contains the last security >> fixes applied to the 5.3 branch, and distros that provide 5.3 either >> have 5.3.3 or 5.3.latest typically; Zend Server, which should run on >> just about any OS out there, ships 5.3.27 already, and is a viable >> option for upgrade for those whose distros are stuck on older >> versions. >> >> We *DO* have precedence for bumping the minimum required version at >> minor release versions; we did this with 1.7 (bumped to 5.2.4) and >> again with 1.12 (bumped to 5.2.<latest at the time>). Additionally, as >> others noted in the thread, if you are "stuck" with an LTS server >> edition, typically you are also pinning to specific ZF versions long >> term as well, as it's part of your release process. >> >> While I am aware this will displease some of you, we cannot please >> everyone, and we have some very real issues in the code base that >> require fixes introduced starting in 5.3.9. Considering that we are in >> the last few months of security releases for the 5.3 branch, an >> upgrade to 5.4 or higher is strongly encouraged by the PHP group >> anyways. >> >> >> On Tue, Nov 5, 2013 at 1:34 PM, Matthew Weier O'Phinney >> <[email protected]> wrote: >>> Hey, all -- >>> >>> We're running into a few situations where bumping the minimum required >>> PHP version for ZF2 would be useful; in fact, there's at least one >>> situation where staying with 5.3.3 actually prevents progress on a few >>> issues. >>> >>> The specific issue we have is that, until 5.3.9, PHP did not allow the >>> following: >>> >>> interface Foo >>> { >>> public function send(); >>> } >>> >>> interface Bar >>> { >>> public function send(); >>> } >>> >>> class FooBar implements Foo, Bar >>> { >>> public function send() >>> { >>> // do something >>> } >>> } >>> >>> Essentially, implementing multiple interfaces that define the same >>> method, using the same signature. >>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works. >>> >>> Having this would allow us to fix a situation with the way translation >>> works across components; not having it means we're stuck with some of >>> those problems. >>> >>> There are other issues as well: ArrayObject has had a lively history >>> of malfunctioning with 5.3 and 5.4, and there are some odd behaviors >>> in the object model as well that have been corrected starting in 5.3.7 >>> and up. >>> >>> Considering PHP 5.3 has already reached end of life status >>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum >>> version seems like "a good idea." >>> >>> My question, then is: >>> >>> - Should we up the minimum required PHP version for ZF2? >>> - If your answer was "no", why not? >>> - If your answer was "yes", what version should become the next >>> minimum supported PHP version? Why? >>> >>> NOTE: we are not announcing that we will up the minimum required >>> version at this time; I'm soliciting feedback so we can make a >>> decision. >>> >>> Thanks in advance! >>> >>> -- >>> Matthew Weier O'Phinney >>> Project Lead | [email protected] >>> Zend Framework | http://framework.zend.com/ >>> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc >> >> >> >> -- >> Matthew Weier O'Phinney >> Project Lead | [email protected] >> Zend Framework | http://framework.zend.com/ >> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc > > -- > List: [email protected] > Info: http://framework.zend.com/archives > Unsubscribe: [email protected] > > -- Matthew Weier O'Phinney Project Lead | [email protected] Zend Framework | http://framework.zend.com/ PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc -- List: [email protected] Info: http://framework.zend.com/archives Unsubscribe: [email protected]
