[dd32]

Please contact your host and get them to upgrade to something released in the last... 5 years or so?

However, 3.1.x is not going to be "officially supported" as a legacy branch AFAIK, If any security issues arrise in the coming months and the fix can be applied to both the 3.2 and 3.1 branches, you'll see those patches be applied to the 3.1 branch as well <em>most likely</em> - So when 3.2.1 comes out, or 3.2.2, etc take a closer read of the announcement post and/or ask the question if a update is available for 3.1. Chances are, the SVN branch will already have the fixes applied: http://core.svn.wordpress.org/branches/3.1/

[robtoo]

Please contact your host and get them to upgrade to something released in the last... 5 years or so?

As noted above: CentOS 5.6 was released less than 3 months ago, and CentOS 6 isn't even out yet.

Similarly for Red Hat. RHEL 5.6 was released less than 6 months ago, will continue to be fully-supported for another 3 years, and Red Hat can provide "critical impact security fixes" for another 3 years after that.

3.1.x is not going to be "officially supported" as a legacy branch

WordPress.org have just screwed a lot of people.

Every RHEL 5 shop is now stuck between Scylla and Charybdis, trying to evaluate whether it is better to run with a web app that is unsupported, or an operating system with key, network-accessible components that are unsupported. And RHEL 6 shops are wondering which path they'll take in a couple of years time when PHP 6 become a requirement.

Any CentOS shop with seperate dev and ops teams is going to hate jumping onto the "now and forever you will have to recompile and reinstall PHP every month" bandwagon. There's a reason these folks are running a binary distribution, and they really don't have secret Gentoo-envy.

Also remember that installing a new PHP release is incredibly risky from an ops perspective. PHP has an awful track record of backwards compatibility, regularly changing APIs between point releases, and every upgrade has a very real chance of breaking custom code which may not even have a development team any more.

[dd32]

Just because a Linux Distribution releases a release with an old version of PHP, it doesnt make it a current-generation PHP release.

Yes, It might have extra security patches applied to it[PHP], but Security is not the reason behind applications increasing their PHP version requirements.

Looking at the centos site, it seems that CentOs currently ships with PHP 5.1.6 (The latest in the 5.1 branch). 5.1.6 was released in August 2006, that's 6 years ago. CentOs currently ships with 6 year old software?

Ultimately, only 3.3% of all current WordPress installs are on 5.1.6, and i'd be willing to bet that most of those are sysadmins who are not willing to put the time into testing the PHP 5.2 packages that are available. WordPress has to do what's best in the communities interest, and if that's supporting somethin which 95%+ of hosts use, and the rest have available to them in some form, then WordPress needs to move forward and that few percent will have to do something about it.

The same can be said about IE6, The WordPress Admin does NOT work in IE6 anymore (Well it does, but it looks even worse than 3.1 did). Many corporations run IE6 due to not wanting to update,

People need to bite the bullet and invest in their infrastructure and software environments.

[robtoo]

Aaand I forgot about the php53 package, an optional supported alternative to the default php package.

[jacques_chester]

Wordpress hasn't exactly got an amazing track record of introducing stable changes between releases.

I've seen posts deleted during an upgrade that hanged halfway through. That was fun.

I've most recently seen image uploading and TinyMCE simply break during a recent bug fix.

If you think PHP is a poor ops citizen, Wordpress is even worse.