> On Jul 5, 2023, at 10:44, Ben Ramsey <b...@benramsey.com> wrote: > >> On Jun 13, 2023, at 15:06, Jan Ehrhardt <php...@ehrhardt.nl> wrote: >> >> Hi Christoph, >> >> "Christoph M. Becker" in php.internals (Wed, 18 Jan 2023 13:20:41 +0100): >>> While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP >>> 8.1 builds are still using OpenSSL 1.1.1. However, OpenSSL 1.1.1 is >>> only supported till 2023-09-11[1], while PHP 8.1 is supported till >>> 2024-11-25[2]. Although I don't like bumping the OpenSSL version in the >>> middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling >>> behind security support. And if we do that bump, we better do it sooner >>> than later. >>> >>> So, if there are no unforeseen problems, I suggest to build PHP >>> 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with >>> OpenSSL 1.1.1). >>> >>> Thoughts? Objections? >>> >>> [1] <https://www.openssl.org/policies/releasestrat.html> >>> [2] <https://www.php.net/supported-versions.php> >> >> I noticed that PHP 8.1.20 at https://windows.php.net/download/ was built >> with OpenSSL 1.1.1t and PHP 8.2.7 & 8.3.0 Alpha 1 with OpenSSL 3.0.8. What >> will be the official policy for 8.1, 8.2 and 8.3? All 3 versions with >> OpenSSL 3.0.x or 8.1 still with OpenSSL 1.1.1? And none of the three >> versions with OpenSSL 3.1.x? Please clarify. > > > What’s the process for changing this? Do release managers need to change the > way we bundle the packages, or does something need to be merged into the > PHP-8.1 branch?
Does anyone know the answer to this question? Cheers, Ben
signature.asc
Description: Message signed with OpenPGP