You need to consider a number all factors and take into consideration repercussions there could/would be.
This is LESS a PHP problem and rather more a DEBIAN problem with Symbiosis affected by the problem.
Firstly, what is the issue? PHP Security Support Timescales are too close for comfort!
5.6 * - 31 Dec 2018 < Too close for comfort
7.0 - 03 Dec 2018 < WTF
7.1 - 01 Dec 2019 < More comfortable
7.2 - 30 Nov 2020 < Where most would like to be
You wish to upgrade to the latest (most recent stable) versions of PHP but you are tied to a Symbiosis server…
I can only comment on Debian with Symbiosis (which appears to be most of us) so if you are on another setup this comment may not be appropriate for you.
I have a number of servers (all debian - symbiosis);
1 Running Jessie (for various small client websites)
1 Running Jessie (for 1 larger project I developed & operate)
1 Upgraded from Jessie to Stretch & Upgraded PHP to 7.2.11 (for client which needs security)
1 Clean Stretch install Upgraded PHP to 7.2.12 (for client long term project)
Currently Stretch includes PHP 7.0 (security ends 3rd Dec 2018), this appears to be a problem, it is for me as I am developing a system requiring advanced security only available in PHP 7.2.11+ but I was also concerned by the short support timescale in 7.0 so I was forced into upgrading the server.
Easy & smooth upgrade process for PHP 7 to 7.2 branch was provided by Bytemark Support, it went like a dream.
- wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
- echo “deb https://packages.sury.org/php/ stretch main” | sudo tee /etc/apt/sources.list.d/php.list
- apt-get install ca-certificates apt-transport-https
- apt-get update
- apt-get install php7.2 php7.2-cli php7.2-common php7.2-opcache php7.2-curl php7.2-mbstring php7.2-mysql php7.2-zip php7.2-xml
- a2enmod php7.2
- a2dismod php7.0
- service apache2 restart
Note: You’ll need to be in as root user or add sudo to the start of all them commands.
However it appears that Roundcube no longer works (wasn’t spotted immediately) and needs to be upgraded to the latest version (roundcube are aware of the issue and have repaired it in the latest version). I have users on the server who were using roundcube for webmail but I will now have to investigate other options or suitability of upgrading roundcube which could have issues with Symbiosis.
Bytemark cannot supply any assistance with this as I have stepped outside of the Debian>Bytemark upgrade/updates path and now have unsupported PHP installed.
This is why I said earlier consider repercussions, at present you are stuck with PHP 7.0.30 which is the current level of PHP inside of Debian Stretch, it is up-to Debian when they are ready to offer the more recent versions of PHP and is outside of Bytemarks control.
Hope this helps