BreadcrumbHomeResourcesBlog PHP 7.3 End of Life: How To Support Critical Apps January 13, 2025 PHP 7.3 End of Life: How to Support Critical AppsPHP DevelopmentBy Matthew Weier O’PhinneyPHP 7.3 added numerous new features and improvements to the developer experience. However, as of December 2021, it officially became an end of life (EOL) version, and teams still using PHP 7.3 should work to upgrade or find third-party support as soon as possible to remain secure.In this blog, I walk through the historical significance of PHP 7.3, including the key features and deprecations that were included in this version. I then explain what PHP 7.3 EOL means for your team, discuss the risks of continuing to deploy PHP 7.3, and recommend options for PHP teams looking to upgrade.Get Support for PHP 7.3Zend Long Term Support (LTS) keeps your apps secure through 2026 with patched PHP 7.3 builds and migration support. Upgrade on your schedule, maintain compliance standards, and access 24/7/365 support.Explore lts Options See Migration ServicesTable of ContentsPHP 7.3: OverviewPHP 7.3 End of Life: What You Need to KnowConsequences of Deploying PHP 7.3 EOLPHP 7.3 EOL: Migration and Support OptionsFinal ThoughtsTable of Contents1 - PHP 7.3: Overview2 - PHP 7.3 End of Life: What You Need to Know3 - Consequences of Deploying PHP 7.3 EOL4 - PHP 7.3 EOL: Migration and Support Options5 - Final ThoughtsBack to topPHP 7.3: OverviewPHP 7.3 was released on December 6, 2018, and was the third feature release in the 7.0 series. It included several syntax improvements to simplify development, a large jump in performance capabilities, and a few key deprecations.PHP 7.3 FeaturesPHP 7.3 introduced a number of new features to the language, adding the ability to throw an exception when parsing or encoding JSON, support for samesite cookies, improved FastCGI Process Manager (PHP-FPM) logging, and many others:Flexible heredoc and nowdoc syntaxTrailing commas in function callsUsing references with list()Counting improvementsKey accessJSON_THROW_ON_ERRORLDAP controls supportFurther information and documentation surrounding PHP 7.3 can be found by visiting the PHP 7.3 Release Announcement.PHP 7.3 Performance ImprovementsPHP 7.3 saw the first double-digit bump in performance in the PHP 7 series, with impressive gains for a variety of applications:WordPress + WooCommerce saw 12.5% gainsDrupal 8 saw 11.2% gainsJoomla saw 4.5% gainsMagento 2.3.0 saw 11% gainsMost application frameworks saw ~5% gainsHowever, if you are still running Magento, WordPress, Drupal, or custom software on PHP 7.3, your applications are no longer taking advantage of the latest performance improvements in PHP. Migrating to an updated version is strongly recommended.PHP 7.3 DeprecationsPHP 7.3 introduced a few deprecations, primarily to remove inconsistent behavior. For instance, the “define()” function, used to declare a constant, has always accepted a third value, a Boolean flag used to indicate whether or not to allow referencing the constant case insensitively; the default is to be case sensitive. Since this is inconsistent with how constants are more generally declared (e.g., with the “const” keyword), the flag is now deprecated.Other deprecations were likewise included in the PHP 7.3 release. Additional details surrounding PHP 7.3 deprecations can be found in the PHP manual.Back to topPHP 7.3 End of Life: What You Need to KnowWhen Did PHP 7.3 Reach End of Life?PHP 7.3 reached end of life on December 6, 2021.How Long Is PHP 7.3 Supported?PHP 7.3 is no longer supported by the PHP community. However, through Zend Long Term Support Services, PHP 7.3 can be supported through 2026.Are Applications Still Using PHP 7.3?According to the 2024 PHP Landscape Report, approximately 10% of teams are still using PHP 7.3.Is PHP 7 Outdated?Yes, PHP 7 versions are outdated. All PHP 7.X versions are end of life and no longer supported by the community.If your application uses PHP 7.1, PHP 7.2, PHP 7.3, PHP 7.4, or PHP 8.0, you should upgrade to a supported version as soon as possible.Back to topConsequences of Deploying PHP 7.3 EOLPHP versions, including PHP 7.3, reach end of life after security support from the community ends. At this point, they no longer receive any updates from the community, such as bug fixes, security patches, and more. Continuing to use a PHP version after end of life will have significant impact on your application's security, performance, stability, and cost of ownership.Increased Security RisksInsufficient security is the number one consequence of deploying PHP 7.3 EOL. New security vulnerabilities are identified daily, and continuing to use PHP 7.3 EOL exposes critical applications and sensitive data to an ever-growing roster of security threats. New security risks, or Common Vulnerabilities and Exposures (CVEs), are found daily. Once identified and publicly exposed, each CVE is assigned an ID number and compiled into a list, with each entry including information surrounding the CVE's impact, affected PHP versions, and mitigation details. The longer a PHP version is end of life, the more CVEs will be identified. For instance, many PHP 7.3 CVEs have been identified in 2024 alone. A few examples can be viewed in the table below.CVESeverityTypeSubjectDateAffected VersionsCVE-2024-11236SevereCross-Site Request ForgeryInteger overflow in the dblib quoter causing OOB writes2024-11-237.3.0-7.3.33CVE-2024-8932SevereCross-Site Request Forgeryphp: OOB access in ldap_escape2024-11-227.3.0-7.3.33CVE-2024-8926HighRemote Code Executionphp: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)2024-10-077.3.0-7.3.33CVE-2024-8927HighRemote Code Executionphp: cgi.force_redirect configuration is bypassable due to the environment variable collision2024-10-077.3.0-7.3.33CVE-2024-11233ModerateInformation DisclosureSingle byte overread with convert.quoted-printable-decode filter2024-11-237.3.0-7.3.33CVE-2024-11234ModerateCross-Site Request ForgeryConfiguring a proxy in a stream context might allow for CRLF injection in URIs2024-11-237.3.0-7.3.33Stay Up to Date on the Latest PHP 7.3 VulnerabilitiesThe Zend Security Center makes it easy to identify and mitigate PHP vulnerabilities before they become problems, keeping your PHP application secure and compliant.Security Center Explore Security SolutionsPoor PerformanceEach new PHP version introduces performance improvements. Not only do these updates deliver improved user experience, but they also can help your team save on hardware, hosting, and development costs. As PHP 7.3 EOL occurred several years ago, teams continuing to deploy PHP 7.3 cannot take advantage of the most up-to-date features associated with the language. Application InstabilityApplications that are not updated consistently are more likely to experience increased downtime. For instance, if your application uses PHP 7.3 EOL, it may be relying on a deprecated library, and a bug or flaw in that library could lead to your application crashing. Now apply that issue to enterprise applications using dozens of non-updated libraries, or updated libraries that are not compatible with PHP 7.3.Hidden CostsUsing PHP 7.3 EOL can quickly become expensive through a number of hidden costs. Where teams running supported PHP versions can focus on improving the security, performance, and functionality of their application, teams using PHP 7.3 EOL must devote developer hours to things like building or backporting patches for security issues and bugs. This leads to lost opportunity and raised costs for improving your application and growing your business.Back to topPHP 7.3 EOL: Migration and Support OptionsThe best way to keep web apps using PHP 7.3 secure is to migrate to a supported version as soon as possible. If a migration is not currently feasible, then teams should seek out long term support provided by trusted third parties until a migration can be planned.Migrating to Supported PHP VersionsMigrating to a supported PHP version is the most efficient way to keep applications secure and compliant. Migrations will unlock access to enhanced performance, new features, and improved functionality for your application, allowing you to deliver faster service and get ahead of your competition.However, migrations can also be complicated, particularly for teams with complex code bases or with several applications in need of an upgrade. Additionally, as both PHP 7.4 and PHP 8.0 have reached end of life, PHP 7.3 upgrades and migrations may need to be completed in increments to reach a currently supported version.Partnering with a team of PHP migration experts, such as Zend, is one way to simplify your PHP 7.3 upgrade process. We can help you boost performance, increase security, and improve user experience through our expert migration services.LTS for PHP 7.3For teams that need more time to create a strategy for completing a PHP 7.3 upgrade, or for those looking to complete more complex migrations, finding a reliable source of support is critical for maintaining the performance, stability, and security of applications currently using PHP 7.3.Zend PHP LTS extends the lifespan of EOL PHP versions, offering expert support after community support ends. Upgrade on your schedule, save money on refactoring, and access a team of PHP experts who will ensure your application maintains compliance, stays secure, and remains supported during migrations from PHP 7.3.PHP 7.3 EOL Timeline With Zend PHP LTSPHP Version Release Date Active Support End Date End of Life / Security Support End Date Zend PHP 7.3 LTS End Date 7.3 December 6, 2018December 6, 2020December 6, 2021December, 2026 Back to topFinal ThoughtsAt the time of it's original release, PHP 7.3 brought a handful of useful features and significant performance improvements to PHP. However, with PHP 7.3 EOL having occurred in 2021, teams must make a migration strategy or utilize PHP LTS services to keep applications secure, compliant, and performant.Expert PHP Migration and LTS ServicesIs your team deploying PHP 7.3? If so, then it's time to create a migration and support strategy. Click the buttons below to get started.PHP 7.3 Migration Services PHP 7.3 LTS OptionsAdditional ResourcesResource Collection - Exploring PHP VersionsResource Collection - PHP SecurityCase Study - mittwald Managed Hosting Customers Stay Secure With PHP LTSCase Study - Bark.com Modernizes Mission-Critical PHP ApplicationBlog - What's New in PHP 7.4Blog - PHP 7.4 EOL Is HereBlog - How to Upgrade PHP Back to top
Matthew Weier O’Phinney Senior Product Manager, OpenLogic and Zend by Perforce Matthew began developing on Zend Framework (ZF) before its first public release, and led the project for Zend from 2009 through 2019. He is a founding member of the PHP Framework Interop Group (PHP-FIG), which creates and promotes standards for the PHP ecosystem — and is serving his second elected term on the PHP-FIG Core Committee.
