PHP 7.4 security updates EOL Nov 28 2022

:warning:PHP-7.4 security updates are ending on November 28, 2022.
PHP Supported Version

Have any Passbolt Community Members tried using PHP-8.0 or PHP-8.1 with Passbolt?

Please share your upgrade experience:

Hi @Duffman, the next version of the API v3.7 (coming this week or next) will be working with PHP 8.0 and 8.1. Currently it works with 8.0 with some deprecation warnings.

1 Like

That is great news.

Passbolt Devs, keep kicking ass!

You guys are doing a great job!

Thank you for the CE version and all the great community support you provide.



Hi Passbolt Community

I just updated to PHP 8.1.9 and Passbolt is working great! Passbolt software is rock solid work. I really like health check and the other cake options.

Passbolt Version = 3.7.1 CE
OS = Ubuntu 20.04
PHP = 8.1.9
Docker = No
Server = Nginx
DB = PostgreSQL
Email = Postfix
Working = 100%

Hi All,

I’ve been rocking PHP 8.1.2 for a while now and it’s been running smoothly no issues.

PHP 8.1.2 (cli) (built: Aug 8 2022 07:28:23) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.2, Copyright (c), by Zend Technologies
  • Passbolt Version: 3.7.3 CE
  • OS Debian 11
  • PHP 8.1.2
  • Server: Apache (custom built)
  • DB: MySQL
  • Working 100%

Only issue I had (minor) upon updating from v3.7.1 to v3.7.2 my previous debian install the .htaccess got wiped so that was sorted. Updating to v3.7.3 was clean and no issues at all.


1 Like

Hi @all,

my configuration is:

  • Passbolt Version: 3.8.1 CE
  • OS Debian 11
  • PHP 8.1.2
  • Server: nginx
  • DB: MySQL

How can i upgrade to php 8.1? My last attempt was an absolute disaster that ended in a new installation. Or exist a documentation?

I look forward to your feedback.


I don’t think debian stable will move to php8 till the next debian release. You will receive security patches till that moment so, unless you have some other application requiring php8 you most likely don’t need to change php version.

If you still want to change the php version you should check into the ondrej php ppa repository.

1 Like

Thanks for your reply. The security updates, from Debian 11 are still avaible until march 2023. I would like to switch to 8.1 early.

With my previous installation on php 8.1 i had problems that the folder /etc/passbolt was deleted. And I changed the fastcgi path in nginx-passbolt.conf to php8.1-fpm. That didn’t work either.

@JamesBond has updatet to php 8.1. Maybe he has a trick.

Where did you get such information about the support end of life?

Ubuntu and Debian will provide php security updates on php until EOL for the OS version but some people use the ondrej php ppa repository to be able to use newer versions of php.

Seems like the FOSS community is split on the php issue.

I use the ondrej ppa and run php8.1

check your default php version by running:
php -version

set default php by running
sudo update-alternatives --config php

Select the version you want as default.

There has been an on going talk about PHP over on the Nextcloud forum.

More php info (install ppa)

Oh sorry. I have to miss understand that information. 07.2024 it shall be ended.

Anyhow! I have installed passbold from scratch with the instruction from Xiao How to Install Passbolt Password Manager on Ubuntu 22.04 Server with PHP 8.1. Thanks for that great explanation. I have set a ansible playbook in connection with a simple gitlab ci. And passbolt works great!


1 Like

Hi @mgerber


Debian, Ubuntu, etc will provide 3rd party PHP security support until the EOL of the OS version.

I am a big fan of Xiao’s tutorials but the Passbolt team feels that the LinuxBabe instructions will cause issues down the road, Passbolt advises you to use the Passbolt instructions from Passbolt.

Install Passbolt

For extra security I suggest setting up a WireGuard vpn to only allow one ip address into your server configuration.

WireGuard VPN


Hi @Duffman

interesting! Can the passbolt team explain why?

If that nessecary or is ip restriction enough?

Best Regards

Hey @mgerber there was some lively discussion around this on Xiao’s Passbolt with Postgres tutorial but to reiterate:

  • From source is a valid install method, but the package option will be better for the vast majority of cases
  • Often users who install from source don’t keep their installations up to date as it is a bit more involved process(this isn’t a Passbolt specific problem)
  • Any time there is a need to troubleshoot issues on a from source install there are a lot more areas where things can go wrong
  • It is fairly easy to make a mistake, even following this guide, as a user may run the commands as root vs the webserver user, or if they fail to properly update the credentials to something of their own before running the commands.

Which mainly comes down to that we’d recommend the easier option to install and manage Passbolt which is what the packages offer. When installing with the package a lot of potential mistakes are avoided.

All that said the from source installs can be right for some environments depending what all considerations they have. It can also be a great way to learn more about Passbolt and Linux, but probably better to use a package if you are going to be relying on it.


Thanks @clayton for explanation.

you have right. Standardised processes are usually the better way and installation routine is pretty good. But i prefer have used components(apache, mariadb…) and installations routine that i know. It was a litte confused that passbolt installt in 4 diffrent palces.

That’s why I created a simple gitlab_ci.yml. I use it to get the current passbolt version and set folder permissions, etc. Furthermore, I used ansible for the setup and created a corresponding playbook.

Beste Regards


Hi @mgerber

I am just a noob but I would say yes, ip restriction is enough :grinning: That is why I use the vpn, for ip restriction.

I use WireGuard so I can have one ip address my on mobile phone, notebook, etc to access the ip restricted nginx configuration on my server.

1 Like

Hi @Duffman

i think this is also a right thing to connect to diffrent devices. But i’m also a dev ops noob :wink:. And wireGuard installation its for me also tricky. For example how to connect a mobile phone with wireGuard?


1 Like


To use wireguard on your phone, you have to create a wireguard private/public key pair, configure them on your wireguard server and use the wireguard mobile app.



Okay thanks. I try it in a future. If that neccesary to buy Kamatera?

Sorry, I don’t know what is kamatera.