I notice that the latest PHP available on RHEL 6.5 is PHP 5.3.3
. See Distrowatch and also my own check:
$ php -v
PHP 5.3.3 (cli) (built: Jul 15 2014 08:48:08)
However, the PHP website claims that this version is depreciated, and the 5.3 branch ended with 5.3.29 anyway, not the 5.3.3 as in RHEL 6.5.
Since the distro is supported by Red Hat, I assume that all the applications are security-maintained, but where can I find this information for certain? According to the Production Support Scope of Coverage "If we ship it, we ... Do not support ... Third-party software / Community projects". Is PHP considered third-party software or a community project for purposes of RHEL support?
I have examined the Red Hat Enterprise Linux Life Cycle and RHEL Top Support Policies documentation, but I have not found an answer. I actually don't have access to the RHEL support service in my current position with regards to this account, otherwise I would just ask Red Hat! However, I do feel that this information should be publicly available and would apply to any users of RHEL, hence I ask here.
Yes, Red Hat backports security fixes and important bug fixes to all packages they offer in their repositories until the EOL of that particular RHEL version. New major features or drastic changes are not appearing in RHEL updates.
If you are using the PHP that is included in the official Redhat packages, then it is supported. They go out of their way to avoid the - 'want a security fix, have these incompatible changes as well' problem. Looking at the the Redhat version number and comparing with upstream is unhelpful for security issues.
As it happens, the latest update for php53 was issued today.