PHP 8.2 End of Life Date: December 31, 2026 — What You Need to Know
PHP 8.2 is currently in security-only support. Active support ended December 8, 2024. You are receiving critical CVE patches only until December 31, 2026 — after which PHP 8.2 receives nothing. If your application depends on PHP 8.2, migration or an extended support contract needs to start now.
PHP 8.2 lifecycle dates
| Phase | Date | Status |
|---|---|---|
| Initial release | November 8, 2022 | Released |
| Active support ends | December 8, 2024 | Passed |
| Security support ends (EOL) | December 31, 2026 | Upcoming |
Is PHP 8.2 still supported?
PHP 8.2 is still receiving security patches in 2026 — but only security patches. The PHP project entered security-only maintenance on December 8, 2024. This means:
- No new features or improvements
- No bug fixes unless they are also security vulnerabilities
- Only CVEs rated high or critical by the PHP security team receive patches
- All support ends completely on December 31, 2026
For most production environments, being on security-only support is acceptable — but the hard deadline of December 31, 2026 means migration work needs to begin in mid-2026 at the latest.
What PHP version should you migrate to?
PHP 8.3 is the primary recommended migration target. Active support runs until December 2026, with security support extending to December 31, 2027. Migration from PHP 8.2 to 8.3 is typically low-friction — no major breaking changes affect most applications.
PHP 8.4, released November 2024, is also a valid target if you want to stay current longer. Active support runs to November 2026, with security support through November 30, 2027.
Avoid migrating to PHP 8.1 — it reached end of life on December 31, 2025 and is already unsupported.
Which vendors offer extended support for PHP 8.2 after EOL?
If migration cannot be completed before December 31, 2026, commercial vendors offer extended CVE patching and compliance coverage:
Third-Party ELS Vendors
Extended Lifecycle SupportSpecialist ELS vendors provide continued CVE patching for PHP after official EOL — typically covering PHP 8.2, 8.1, 7.4, and earlier versions. Multi-year contracts available, commonly at a CVSS 7+ threshold.
View via endoflife.ai →Check your PHP exposure alongside other EOL components
See the full CVE risk profile for PHP 8.2 and every other EOL component in your stack.
PHP 8.2 Risk Score →