Can you tell me until when, and under what commercial conditions, the PHP 7.2 packages provided in Ubuntu 18.04 will be maintained in terms of security? Does your security patch management schedule mirror that of the community? Thank you for your answers. Best regards.
1 Answer
CVEs affecting PHP 7.2 in Ubuntu 18.04 will be patched by the Ubuntu Security Team as they appear, and patched packages will be uploaded to the bionic-security pocket of the Ubuntu Repositories.
These patched packages will remain 7.2, but the Ubuntu suffix will increment. Example: The current package is 1:7.2+60ubuntu1. The next security upgrade might be 1:7.2+60ubuntu2. Security patches ONLY address CVEs, and do not fix any other bugs, nor add/remove features.
To receive security upgrades, merely ensure you have bionic-security enabled in your /etc/apt/sources.list. The Ubuntu Security Team also recommends the use of Unattended Upgrades, which some folks disable after install for their own reasons.
There is no "security patch management schedule." The Ubuntu Security Team prioritizes patches based on severity, and uploads patched packages as soon as they are tested. Newly-patched packages appear daily.
The current plan is for free support, including free security upgrades, to end in April 2023. After that, you can purchase Extended Security Maintenance support from Canonical until 2028.

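One way to check the sources.list advice in the answer above, as an added example that is not part of the original answer: the function names are hypothetical, the sample file is constructed, and only the one-line `deb ...` format is parsed (not deb822 `.sources` files). It reports which enabled binary entries actually point at the `bionic-security` pocket, ignoring commented-out and `deb-src` lines.

```shell
#!/bin/sh
# Added example. pocket_uris and security_pocket_enabled are hypothetical names.

# Print the URI of every enabled binary ("deb") entry for a given suite.
# $1 = sources file in one-line format, $2 = suite (e.g. bionic-security)
pocket_uris() {
    awk -v suite="$2" '
        /^[[:space:]]*#/ { next }   # commented-out entry: not enabled
        $1 != "deb"      { next }   # skips deb-src and blank lines
        {
            i = 2
            # Skip an optional [ option=value ... ] block; it may contain spaces
            if ($i ~ /^\[/) {
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            # Field i is the URI, i+1 the suite, then at least one component
            if ($(i + 1) == suite && (i + 2) <= NF) print $i
        }
    ' "$1"
}

# Exit status 0 if the pocket is enabled in the file, non-zero otherwise.
# The suite defaults to bionic-security, the pocket named in the answer.
security_pocket_enabled() {
    [ -n "$(pocket_uris "$1" "${2:-bionic-security}")" ]
}

# Constructed sample input, not taken from a real host
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://archive.ubuntu.com/ubuntu bionic main restricted
# deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb-src http://security.ubuntu.com/ubuntu bionic-security main
deb [ arch=amd64 ] http://security.ubuntu.com/ubuntu bionic-security universe
EOF

if security_pocket_enabled "$sample"; then
    echo "bionic-security enabled via:"
    pocket_uris "$sample" bionic-security
else
    echo "bionic-security is NOT enabled; security uploads will not be installed"
fi
```

On a real host, pass `/etc/apt/sources.list` and each file under `/etc/apt/sources.list.d/` in turn.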