TYPO3 has one of the longest supported maintenance windows of any CMS on the market. But for some older versions of PHP and TYPO3, those windows are closing soon. If any of the software you rely on is approaching its “end-of-life” (EOL), it’s time to make a decision about your next steps to keep your sites secure and legally compliant. We've reached out to all site owners with TYPO3 v6.2 sites on the ELTS plan, highlighting the limited time remaining to help them plan their next move
W3Techs reports that of all sites running PHP today, 37.2% are running on an unsupported version of PHP, potentially exposing thousands of sites to vulnerabilities. How many of those are built on TYPO3 CMS? TYPO3 Version Statistics published a report in April 2020 with a scan of 32,000 TYPO3 sites.
The survey discovered approximately 13.71% of sites were running TYPO3 v4.5, which is unsupported and potentially a risk for site owners. 17.08% of sites were running TYPO3 v6.2, which only runs on an unsupported version of PHP. You can see why our TYPO3 digital agency partners are urging their customers to get their sites up to date, secure, and compliant.
Let’s have a look at what this means.
“Officially supported” software has, at a minimum, a team of developers ready to assess and patch (fix) bugs or security issues that arise. This is not only a peace-of-mind factor or nice-to-have for IT governance. It is also essential for compliance with laws and regulations around data privacy and security. GDPR and similar regulations require the use of up-to-date software.
A supported version of open-source software means that as bugs and security issues are discovered, they get fixed. Naturally, the number of versions that can be maintained is limited. Over time, older versions usually move into a phase where the updates are limited to only the most critical issues before they finally reach “EOL.”
The PHP community moves versions from an “Active Support” phase, where that version of PHP receives both bugs and security fixes, to a “Security Fixes Only” phase, during which only fixes for critical security issues are addressed.
Each new version of TYPO3 CMS commences with a series of sprint releases to add new features, improvements, and deprecations. The launch of the LTS version begins the period of “long term support,” that lasts three years. During this maintenance period of the LTS the TYPO3 Core Team will produce regular bug-fix updates and security fixes as needed. They support two versions at any given time—the current LTS release and the previous one. See: Maintenance Releases for the current schedule.
After this three-year support window, TYPO3 GmbH offers the program of Extended Long Term Support for an additional three years. This paid support extends the potential supported lifecycle of a TYPO3 site, increasing the ROI value of the investment while giving companies time to decide what their next step should be.
Keeping track and matching up the various versions of software could be confusing. Our partner, jweiland.net created a table showing which TYPO3, PHP, and MySQL versions fit together.
When you compare the supported versions of TYPO3 and PHP, you can see that TYPO3 v6 no longer has a supported PHP version, and TYPO3 v7’s supported PHP version is only going to be supported until 30 November 2020.
This means if you’re running a TYPO3 v6 site, it’s time to update to TYPO3 v10. And if you’re running TYPO3 v7, now would be a good time to start considering the next steps.
Is it time for an upgrade or a shiny new redesign? Or do you need to get your site reviewed? Or do you need the support of the ELTS service?
At TYPO3 GmbH, we have a roster of experienced official partner agencies that can help you get your site up-to-date. Many of our partners offer upgrade-analysis and cost-estimates up front, before you commit to a full upgrade.
Contact us to put you in touch with the expertise to keep your site running smoothly and securely.
Thanks for the overview, reminds me that I still have some old installs to upgrade sooner than later, as the hoster will also soon not support any PHP version older than 7.x