What is new in PHP 7.2?

On 30 November 2017, the PHP community announced the release of PHP 7.2. More specifically, this is the second feature update to the PHP 7 series.

Building on the achievements of PHP 7

PHP7PHP 7 was released at the end of 2015 and marked a new era for the programming language and the associated community, which have gone through some major changes over the last few years.

PHP is a very accessible language, which is sometimes discredited by language purists in the development world. The reality, however, is that more than 83% of all websites on the Internet are written in PHP. And popular frameworks such as WordPress, Drupal and Magento only contribute to the success of the PHP ecosystem.

Major investments have been made to significantly improve the performance of PHP 7. Great efforts have also been made for a better type hinting, and many old extensions are no longer supported.

The release timeline shows that feature updates are released on a yearly basis. So, this year, after the release of PHP 7.1 in 2016, we got PHP 7.2 as an early Christmas gift.

Kalender PHP 7.2 release
PHP 7.2 is essentially a security feature release

Except for some minor improvements to the language itself, one observes that most new features are security related.

Argon2 Password Hashing

Until recently, bcrypt was the best choice to hash passwords in PHP. With the release of PHP 7.2, developers now have the opportunity to use Argon2, an alternative password hashing algorithm.

Argon2 came first in the Password Hashing Competition and is considered more secure than bcrypt thanks to the fact that, in addition to a “time cost”, there is also a “memory cost”.

This means that the algorithm will make it harder for hackers to crack passwords using brute force attacks. The “time cost” is usually avoided by unleashing powerful GPU-based computing power on the password.

The extra “memory cost” ensures that these machines suddenly require a proportional amount of RAM to be able to guess the password with a brute force attack.

Another benefit of Argon2 is that it also allows you to define the number of parallel threads used to calculate the complexity of the password hashing algorithm.

Mcrypt is gone

Mcrypt is a popular PHP cryptography extension. Unfortunately, the mcrypt library on which this extension depends has not been updated since 2007.

The library has several bugs and patches that have not been fixed for quite a long time. In PHP 7.1, this extension was already deprecated. In 7.2, mcrypt was removed from the PHP core and moved to the Pecl repository.

Instead of Mcrypt, developers can now use OpenSSL and the new Sodium extension.

Sodium as a competitor to OpenSSL

Libsodium in PHP 7.2OpenSSL is the most popular cryptography library, but it has both pros and cons. In the spirit of healthy competition, PHP 7.2 provides an alternative cryptography library: Sodium.

A libsodium implementation has long been available in PHP, via Pecl. Promoting this extension required a namespace change to conform to the PHP coding standards: in PECL, the “\Sodium” namespace was used to call associated features.

In PHP 7.2, these features will be included in the root namespace and re-prefixed “sodium”.

The improvement of TLS version constants

Until recently, “ssl” was the standard stream wrapper when an encrypted connection was established from PHP. The developers of PHP 7.2 decided to make “tls” default and “ssl” an alias.

They also decided to be more rigorous about supported TLS versions. Clients with only TLS 1.0 enabled will no longer be supported.

In the past, an attempt had already been made for this, but back then, the decision was postponed to maintain compatibility with PHP 5.6. The fact that PHP 7.2 is part of a new “major release” allows for such a “backwards compatibility break”.

Language-related features

The language-related features are not particularly remarkable and are mainly corrections of previous errors:

The only noteworthy language feature in PHP 7.2 is the availability of the “object typehint”, which allows to accept and return generic objects in functions and methods. This way, it is no longer necessary to use specific class names.

From now on, PHP 7.2 is also available on Combell’s shared hosting platform

PHP 7.2 was released on 30 November 2017. On the very same day, we announced that this version was also supported on our shared hosting platform.

PHP 7.2 aankondiging twitter

As of now, you can thus use all the new features. With new web hosting packages, you can immediately pick this version. And with existing packages, you can switch versions on the fly in My Combell.

Go to My Combell

This new release also includes many bug fixes and internal improvements.



💡Tech evangelist at @combell 📢 Public speaker 📝 @oreillymedia Author & blogger ✈️ Traveler 💻 Code, systems & automation ⚽️ @clubbrugge fan & @fcb_support 🔵⚫️💪