PHP 7.4 security updates EOL Nov 28 2022

Duffman · July 18, 2022, 9:09pm

PHP-7.4 security updates are ending on November 28, 2022.
PHP Supported Version

Have any Passbolt Community Members tried using PHP-8.0 or PHP-8.1 with Passbolt?

Please share your upgrade experience:

remy · July 19, 2022, 11:53am

Hi @Duffman, the next version of the API v3.7 (coming this week or next) will be working with PHP 8.0 and 8.1. Currently it works with 8.0 with some deprecation warnings.

Duffman · July 20, 2022, 8:23pm

That is great news.

Passbolt Devs, keep kicking ass!

You guys are doing a great job!

Thank you for the CE version and all the great community support you provide.

Cheers

Duffman · August 29, 2022, 5:49am

Hi Passbolt Community

I just updated to PHP 8.1.9 and Passbolt is working great! Passbolt software is rock solid work. I really like health check and the other cake options.

Passbolt Version = 3.7.1 CE
OS = Ubuntu 20.04
PHP = 8.1.9
Docker = No
Server = Nginx
DB = PostgreSQL
Email = Postfix
Working = 100%

JamesBond · October 29, 2022, 11:46pm

Hi All,

I’ve been rocking PHP 8.1.2 for a while now and it’s been running smoothly no issues.

PHP 8.1.2 (cli) (built: Aug 8 2022 07:28:23) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.2, Copyright (c), by Zend Technologies

Passbolt Version: 3.7.3 CE
OS Debian 11
PHP 8.1.2
Server: Apache (custom built)
DB: MySQL
Working 100%

Only issue I had (minor) upon updating from v3.7.1 to v3.7.2 my previous debian install the .htaccess got wiped so that was sorted. Updating to v3.7.3 was clean and no issues at all.

Regards,
Bond

mgerber · November 29, 2022, 9:06am

Hi @all,

my configuration is:

Passbolt Version: 3.8.1 CE
OS Debian 11
PHP 8.1.2
Server: nginx
DB: MySQL

How can i upgrade to php 8.1? My last attempt was an absolute disaster that ended in a new installation. Or exist a documentation?

I look forward to your feedback.

Regards,
Manuel

diego · November 29, 2022, 9:14am

I don’t think debian stable will move to php8 till the next debian release. You will receive security patches till that moment so, unless you have some other application requiring php8 you most likely don’t need to change php version.

If you still want to change the php version you should check into the ondrej php ppa repository.

mgerber · November 29, 2022, 9:51am

Thanks for your reply. The security updates, from Debian 11 are still avaible until march 2023. I would like to switch to 8.1 early.

With my previous installation on php 8.1 i had problems that the folder /etc/passbolt was deleted. And I changed the fastcgi path in nginx-passbolt.conf to php8.1-fpm. That didn’t work either.

@JamesBond has updatet to php 8.1. Maybe he has a trick.

diego · November 29, 2022, 10:17am

Where did you get such information about the support end of life?

Duffman · November 29, 2022, 6:25pm

Ubuntu and Debian will provide php security updates on php until EOL for the OS version but some people use the ondrej php ppa repository to be able to use newer versions of php.

Seems like the FOSS community is split on the php issue.

I use the ondrej ppa and run php8.1

check your default php version by running:
php -version

set default php by running
sudo update-alternatives --config php

Select the version you want as default.

There has been an on going talk about PHP over on the Nextcloud forum.

https://help.nextcloud.com/t/on-the-roadmap-deprecation-of-php-7-4/149848

https://help.nextcloud.com/t/php-7-4-security-updates-eol-nov-28-2022/145429

More php info (install ppa)

https://stackoverflow.com/questions/66076321/whats-the-purpose-of-ppaondrej-nginx

mgerber · December 7, 2022, 2:44pm

Oh sorry. I have to miss understand that information. 07.2024 it shall be ended.

Anyhow! I have installed passbold from scratch with the instruction from Xiao How to Install Passbolt Password Manager on Ubuntu 22.04 Server with PHP 8.1. Thanks for that great explanation. I have set a ansible playbook in connection with a simple gitlab ci. And passbolt works great!

Thanks

Duffman · December 7, 2022, 5:20pm

Hi @mgerber

PHP EOL from PHP

Debian, Ubuntu, etc will provide 3rd party PHP security support until the EOL of the OS version.

I am a big fan of Xiao’s tutorials but the Passbolt team feels that the LinuxBabe instructions will cause issues down the road, Passbolt advises you to use the Passbolt instructions from Passbolt.

Install Passbolt

For extra security I suggest setting up a WireGuard vpn to only allow one ip address into your server configuration.

WireGuard VPN

mgerber · December 8, 2022, 11:15am

Hi @Duffman

interesting! Can the passbolt team explain why?

If that nessecary or is ip restriction enough?

Best Regards
Manuel

clayton · December 8, 2022, 12:41pm

Hey @mgerber there was some lively discussion around this on Xiao’s Passbolt with Postgres tutorial but to reiterate:

From source is a valid install method, but the package option will be better for the vast majority of cases
Often users who install from source don’t keep their installations up to date as it is a bit more involved process(this isn’t a Passbolt specific problem)
Any time there is a need to troubleshoot issues on a from source install there are a lot more areas where things can go wrong
It is fairly easy to make a mistake, even following this guide, as a user may run the commands as root vs the webserver user, or if they fail to properly update the credentials to something of their own before running the commands.

Which mainly comes down to that we’d recommend the easier option to install and manage Passbolt which is what the packages offer. When installing with the package a lot of potential mistakes are avoided.

All that said the from source installs can be right for some environments depending what all considerations they have. It can also be a great way to learn more about Passbolt and Linux, but probably better to use a package if you are going to be relying on it.

mgerber · December 8, 2022, 2:12pm

Thanks @clayton for explanation.

you have right. Standardised processes are usually the better way and installation routine is pretty good. But i prefer have used components(apache, mariadb…) and installations routine that i know. It was a litte confused that passbolt installt in 4 diffrent palces.

That’s why I created a simple gitlab_ci.yml. I use it to get the current passbolt version and set folder permissions, etc. Furthermore, I used ansible for the setup and created a corresponding playbook.

Beste Regards
Manuel

Duffman · December 9, 2022, 4:54am

Hi @mgerber

I am just a noob but I would say yes, ip restriction is enough That is why I use the vpn, for ip restriction.

I use WireGuard so I can have one ip address my on mobile phone, notebook, etc to access the ip restricted nginx configuration on my server.

mgerber · December 9, 2022, 12:38pm

Hi @Duffman

i think this is also a right thing to connect to diffrent devices. But i’m also a dev ops noob . And wireGuard installation its for me also tricky. For example how to connect a mobile phone with wireGuard?

Regards
Manuel

AnatomicJC · December 9, 2022, 1:15pm

Hi,

To use wireguard on your phone, you have to create a wireguard private/public key pair, configure them on your wireguard server and use the wireguard mobile app.

Cheers,

mgerber · December 14, 2022, 8:46am

Okay thanks. I try it in a future. If that neccesary to buy Kamatera?

AnatomicJC · December 14, 2022, 10:33am

Sorry, I don’t know what is kamatera.

Cheers,

Topic		Replies	Views
Recommended wat yo upgarde PHP 7.4 to 8.1 on PRO Server Community Feedback	2	457	January 16, 2024
Passbolt stops working after PHP upgrade Installation Issues	17	3254	March 18, 2020
Upgrading php7.3 on Oracle Linux Server 7.9 [upgrade OS or use 3rd party yum repo] Installation Issues	6	1278	February 24, 2023
PHP 7.3 / Debian Buster stable PHP version Done!	5	1519	March 30, 2021
Passbolt and PHP 7.3 Installation Issues	4	1703	March 4, 2019

PHP 7.4 security updates EOL Nov 28 2022

Related topics