PHP 7.2.0 RC3 has been released on PHP.net on 28th September 2017, and is also available for CentOS/RHEL 7.4 at Webtatic via Yum in it’s testing repository.
This is a alpha release and should not be used in production.
PEAR installer now supports PHP 7.*, however most pecl libraries will not support it as well without their maintainers adding compatibility, so only pecl libraries that do support it will be in the Webtatic repository.
- pecl igbinary extension - waiting for a release that supports PHP 7.2
- pecl memcache extension - no sign of PHP 7 support development in official source repository
- pecl memcached extension - waiting for igbinary release that supports PHP 7.2
- pecl xdebug extension - waiting for a release that supports PHP 7.2
PHP 7.2.0 comes with features such as (incomplete list):
- Parameter Type Widening
- Deprecate Bareword (Unquoted) Strings
- Mcrypt extension removed and put onto pecl.php.net
To see what else has been added, check out PHP 7.2 NEWS
To install, first you must add the Webtatic EL yum repository information corresponding to your CentOS/RHEL version to yum:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Now you can install PHP 7.2’s mod_php SAPI (along with an opcode cache) by doing:
yum install mod_php72w php72w-opcache --enablerepo=webtatic-testing
You can alternatively install PHP 7.2’s php-fpm SAPI (along with an opcode cache by doing:
yum install php72w-fpm php72w-opcache --enablerepo=webtatic-testing
See the package list below for additional SAPIs and PHP extensions.
If you would like to upgrade php to this version it is recommended that you first check that your system will support the upgrade, e.g. making sure any CPanel-like software can run after the upgrade.
Unless you know what you are doing, it is risky upgrading an existing system. It’s much safer to do this by provisioning a separate server to perform the upgrade as a fresh install instead.
If you know what you are doing, you can upgrade PHP by:
yum install yum-plugin-replace yum replace php-common --replace-with=php72w-common --enablerepo=webtatic-testing
It will likely give you a message “WARNING: Unable to resolve all providers …“.
This is normal, and you can continue by tying “y
SAPIs are different runtime environments of PHP
- mod_php NTS
(non-thread safety) Contained in the mod_php72w package, this SAPI integrates into Apache Httpd (2.4.* on RHEL/CentOS 7). It is the standard SAPI for use with httpd prefork mpm (the default mode httpd is ran under. It is not thread-safe, but doesn’t need to be due to prefork not using threads. It’s located at /usr/lib/httpd/modules/libphp7.so
Contained in the php72w-cli package, this SAPI allows running scripts from the command-line, and also has a built-in web server for development-use. Located at /usr/bin/php
Contained in the php72w-fpm package, fpm (FastCGI Process Manager) is a scalable FastCGI process, which acts similar to how Httpd prefork mpm works managing it’s forks. Located at /usr/sbin/php-fpm, it is controlled using the /etc/init.d/php-fpm service script
Contained in the php72w-phpdbg package, phpdbg has the ability to debug scripts using breakpoints from the command-line, and also supports remote-debugging using an external Java client for remote communication.
Contained in the php72w-embedded package, this SAPI allows embedding PHP in other applications. It’s library is located at /usr/lib/libphp7.so
- cgi, fastcgi
Contained in the php72w-cli package, these SAPIs are not recommended for use, but are available where needed. They both exist in the binary at /usr/bin/php-cgi.
- mod_php TS
(thread safety) Contained in the mod_php72w package, this SAPI integrates into Apache Httpd (2.4.* on RHEL/CentOS 7). It is the standard SAPI for use with httpd worker mpm. It’s supposed to be thread-safe, but can’t guarantee to be, and certainly not under additional PHP extensions. It’s better to use FastCGI SAPIs than this one. It’s located at /usr/lib/httpd/modules/libphp7-zts.so
|mod_php72w||php72w, mod_php, php72w-zts|
|php72w-cli||php-cgi, php-pcntl, php-readline|
|php72w-common||php-api, php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif, php-fileinfo, php-filter, php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-json, php-libxml, php-openssl, php-pcre, php-pecl-Fileinfo, php-pecl-phar, php-pecl-zip, php-reflection, php-session, php-shmop, php-simplexml, php-sockets, php-spl, php-tokenizer, php-zend-abi, php-zip, php-zlib|
|php72w-process||php-posix, php-sysvmsg, php-sysvsem, php-sysvshm|
|php72w-xml||php-dom, php-domxml, php-wddx, php-xsl|
Argon2 in password_hash functions not yet supported
RHEL/CentOS 7.3 and EPEL repositories do not yet have a libargon2 package for use with the password_hash functions. Therefore this hashing algorithm is not yet available, and bcrypt will remain the default.
Mcrypt no longer provided
The Mcrypt php extension used a long abandoned libmcrypt library, which means it could have security issues. PHP.net has decided to therefore move the extension from the core release to pecl.php.net.
Currently Webtatic isn’t planning to build the pecl release of the mcrypt extension.
It is recommended instead to use an alternative openssl or libsodium implementation.
There are polyfill PHP composer libraries available that attempt to provide drop-in mcrypt function bindings for these alternative implementations:
The phpseclib/mcrypt_compat implementation may be the best of these.
The PHP distribution now comes with an opcode cache. This is the Zend Optimizer+ opcode cache, now known as the Zend OPcache extension. This extension is optional, so does not preclude you from using an alternate one.
Due to it being included in the PHP source distribution, it will be well maintained and more suitable for use while other Opcode cache’s are being updated over the coming months.
yum install php70w-opcache
error_reporting E_ALL includes E_STRICT
As mentioned in the PHP 5.4 guide:
You may get a lot more errors coming out of your error logs if by default your error_reporting is set to E_ALL now without explicitly turning off E_STRICT. The default php.ini that comes with the PHP package turns this off by default, but if you are upgrading from an existing installation, your php.ini may not be updated, meaning this will likely be turned on.