This is a question to better understand security update policy of the Ubuntu LTS distributions.
- I understand that a certain Ubuntu version (such as 20.04 LTS) will not upgrade from PHP 7.4 to PHP 8.x (When will Ubuntu 20.04 drop php 7.4 for php 8.x?).
- And I also understand that Ubuntu 20.04 LTS will receive security updates until early 2025 (https://ubuntu.com/about/release-cycle) with the regular maintenance updates.
- I also understand that PHP 7.4 has received security updates till 11/2022.
My questions are:
- Will Ubuntu fix new security bugs in PHP 7.4 "on its own" till the end of Ubuntu 20.04 LTS maintenance (as this post suggest: Ubuntu 18.04 LTS and PHP 7.2 Security Support EOL?), and where does Ubuntu publish a statement that it works this way)?
- And if they do so, will the security fixes be integrated to the official PHP sources (just out of curiosity)?
- Or will Ubuntu only provide the regular bug fixes from PHP (of which there won't be any more) and will security bugs be unfixed unless I upgrade to PHP 8.x (which is quite easy, of course)?
