I thought it is fine to use older no longer supported PHP versions as long as they are supported by the OS (e.g. Debian, Ubuntu, etc.). I've changed my mind after reading blog posts and noticing a change within PHP ecosystem.
Let me explain why I changed my mind and why you should prefer official supported versions instead. This not only is true for PHP but any software.
How I used to think ¶
I always thought it is fine to use outdated versions as long as they are covered by my operating system like Ubuntu. I thought the operating system will invest time to keep those versions secure. I didn't mind to run web projects on older versions and to provide TYPO3 extensions or composer packages for outdated versions.
Sources that proof me wrong ¶
I then discovered those sources:
It also feels like the PHP ecosystem is changing. Libraries and tools are only covering official supported PHP versions as listed here: https://www.php.net/supported-versions.php.
My outcome ¶
This leads to issues if you stick to older PHP versions. You might lack security updates as they take some extra time. You might not be able to use some new library or latest versions of libraries including features and fixes.
Furthermore, you create technical debt as you might need to update to newer PHP versions anyway, but with larger code bases in case you keep adding lines of code.
There are tools like rector (https://getrector.org/) which allow you to upgrade your code base to support newer PHP versions nowadays. Also tools like PHPStan (https://phpstan.org/) allow you to check compatibility with PHP versions. It is not as hard to update as it was some years ago.
Further reading ¶
I recommend checking my Reddit post regarding this blog post, so you get further insights and opinions: https://www.reddit.com/r/PHP/comments/wumtvm/why_legacy_php_versions_maintained_by_os_might/.
You might also be interested in the following blog post: https://php.watch/articles/extend-lifetime-legacy-php.