Update your calendars with the latest FreePBX Versions on the documentation website!
3 Likes
Generally speaking, it does seem that those users who are most concerned with FreePBX Security are particularly interested in which versions of FreePBX are currently supported, so the recent updates to the wiki documentation in this regard may be of interest to subscribers of this topic in particular.
People may wish to note some highlights. The Asterisk versions supported in 15 are EOL already. These note 15/16 EOL in 4ish months on 6/30 so people should migrate to 17 or have a plan to do so.
1 Like
This is great and very helpful but this is based on the Sangoma âDistroâ and not the OSS version of FreePBX. It makes total sense that major version releases match up with the official OS of the project but it ignores the OSS side and the fact FreePBX can be installed on any OS system and not just Debian. We have concerns about the support and security risk of all the things that actual make FreePBX work.
For example, v17 is based PHP 8.2.x and MariaDB 10.6.x to name a couple applications. Based on the support timeline v17 is supported until June 30th 2028. PHP 8.2.x goes EOL on 2026-12-31 while MariaDB 10.6.x goes EOL in 2026-07. This result in outdated software and applications running for 18 to 24 months of v17âs lifespan. A deeper dive into other things like NodeJS, Apache, etc. will most likely show the same results.
How will v17 be fully supported with security fixes and bug fixes if things like PHP 8.2.x arenât getting them anymore? This issue will exist during all future versions lifespans.
One of the biggest concerns is that numerous and important pieces of FreePBX go EOL and are exposed to possible issues for at least (or over) half the lifespan of the release. Itâs great the OS is update with all the fixes and security but that wonât matter when something like 2 year old PHP version is exploited for a known vulnerability that couldnât be fixed due to being an EOL version.
@ncorbic How will this part be addressed? Focusing just on OS timelines ignored a major chunk of security and support concerns.
1 Like
I havenât tried it but most of the fixes applied to PHP 8.2 should make it work on 8.3. The only breaking change I see is if DateTime has an empty value it will give E_Warning so those need validation. I donât see any breaking changes in 8.4 that should matter to FreePBX.
1 Like
I agree with that over all but there still needs to be a plan for this. Even if the final result is ânothing breaks we can update itâ. There are many moving parts making FreePBX run many of which need support/security updates.
Seems reasonable to include timelines from as many major packages as possible â at least the rest of the FLAMPAN stack 
â thank you!
âŚthat said, the latter four (MPAN) will be driven in large part by whatâs available in Debian with probably only minor modifications.
I know this is an Asterisk thing but donât forget DAHDI and if it is still a thing wanpipe updates with each kernel release.
4 Likes
It is possible to run FreePBX 17 on Ubuntu 24.04 LTS, and let Canonical be responsible for security maintenance of FreePBX dependencies, by installing them from the Ubuntu âuniverseâ repository and attaching a free or paid Ubuntu Pro token to the machine.
Canonical will publish security patches for all the open source dependencies installed from their repositories - inclusive of Linux, Asterisk, MySQL/MariaDB, PHP, Apache, and NodeJS, until 2036.
1 Like
We have to get away from this whole âBut the OS canâŚâ logic. It doesnât matter if Debian, Ubuntu or any OS has the latest versions of software/applications like PHP or NodeJS available to be installed. If FreePBX, itself, canât support these things then installing them will do nothing more than break the system.
The âdistroâ is a commercial product because it can support commercial modules which are, at this point, dependent of the OS. The OSS part of FreePBX is OS agnostic and thatâs the part we need to keep in mind.
Supporting FreePBX isnât about what version of an OS you are on or when that OS will be EOL or not. Itâs about all the moving pieces that make FreePBX work and none of them are dependent on the OS.
You have to add their keys manually but it works fine
1 Like
Excellent, thank you! And welcome to the forums! 
Very much this. Weâve laid out the timeline for FreePBX support from Sangoma in much greater detail than historically has been the case. Running v17 beyond its planned End Of Life date of 2028-06-30T00:00:00Z means that starting on 2028-07-01T00:00:00Z (a Saturday!) your FreePBX components âwill no longer receive changes of any kindâ, at least, not from Sangoma and especially not for commercial modules from Sangoma.
Please consider an update to v18 during its planned General Availability starting 2027-01-01T00:00:00Z ! â Bookmark your calendars with that link 
That said, there are third parties that offer longer term support on some open source components, such as Freexian which is a separate company (no affiliation) that helps keep Debian & Ubuntu running longer on older PHP versions amongst other Debian things.