PHP8 requirement is bad and insecure

  • Resolved hoy

    (@whereskarlo)


    8 months, 1 week ago

    The latest version of BTCPay Server 2.6.0 is only compatible with PHP8 or above. This is a very bad idea. Most WordPress websites use a plethora of plugins and themes, and upgrading a production server to PHP8 comes with potential incompatibility problems.

    At the moment, BTCPay Server is the only plugin I have that is no longer compatible with PHP7.4. This means, unless I upgrade the server I will no longer have access to future security-related updates from BTCPay Server plugin.

    I don’t think this was a good choice as it puts a large amount of your users outside the ability to upgrade the plugin going forward, until extensive compatibility testing for PHP8 has been done.

    Why can’t you keep supporting PHP7.4 like basically all other plugins do at the moment, and provide a roadmap/timeline for a slow transition to PHP8 if it is really needed? If you gave us 6 months for example, we could properly test our websites, iron out any incompatibility problems with other plugins and themes, while still having access to BTCPay Server updates. After this, a transition to PHP8 would be reasonable.

    Please look into what you can do regarding this!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter hoy

    (@whereskarlo)

    Ultimately I went through with the server update, less problems than feared. You can delete this topic if you will, or leave it up. Not sure if it is relevant to others.

    Plugin Author ndeet

    (@ndeet)

    Hey, glad you made it work. You could still use 2.5.0 which supports PHP 7.4. No security updates had been done and if there were we could release a 2.5.x version although unlikely for the following reasons:

    Even PHP 8.0 is end of life and does not get any security updates anymore since Nov. 2023. PHP 7.4 since Nov 2022. Security updates for PHP 8.1 will end Nov 2024. This means we supported 7.4 for more than 1 year even after it’s official end of life.

    Btw. your claim that removing support for PHP 7.4 makes this in any way “insecure” is nonsense. It is insecure to keep running unmaintained PHP versions.

    hansderuiter

    (@hansderuiter)

    Any chance you can reintroduce compatibility with PHP 7.4? Unfortunately for me, upgrading to PHP8 is a huge task. There are plugins that aren’t PHP8 ready, and half the website uses a different CMS plus its own plugins.

    I’d love to get the website revamped, but that’s too big of an expense for now.

    Plugin Author ndeet

    (@ndeet)

    Hi @hansderuiter, you can still use version 2.5.0 which does not have that requirement https://github.com/btcpayserver/woocommerce-greenfield-plugin/releases/tag/v2.5.0

    With 2.6.0 I upgraded the BTCPay PHP library that is used and the library has PHP 8.0 as minimum requirement, that’s why and because PHP 7.4 is EOL for very long time the min PHP version was updated to PHP 8.0.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘PHP8 requirement is bad and insecure’ is closed to new replies.