Dear Nextcloudians,
I have a question which may not sound like much, but believe me when I say it is very important to me personally.
Just had an Argument with a friend, because I decided to stick around with PHP Version 5.6.30 for a while now, even though 5.6.37 is already out. 5.6 is because I had Trouble running 7.x when I tried it and Things generally seem to break when upgrading PHP in General. Maybe bad Karma, or I just didn't understand the System as well as I wished (most likely second Option, though).
For reference: https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-217402/PHP-PHP-5.6.30.html
There are a few CVEs open on 5.6.30 but Nothing I worried too much about, since it would (in my opinion) take a hacker whiz to do anything other than crashing PHP occasionally if he would like to.
My friend is like the world is going to end, hell will break loose, I am going to be hacked immediately. Or more down to earth: This poses an unbearable security Risk.
My Question: Is my behaviour reasonable or am I being recklessly security negligent and should never oversee a production Linux VM in my life again?
As stated: Just a personal Question, but I am eager to get honest answers and opinions about this, and maybe tomorrow is another normal day, but in the meantime this just really grinds my gears.
I am Running Ubuntu Minimal 16.04 (plus hardening measures), Apache 2.4 and MariaDB 10.
Thanks in Advance.
And sorry for the stupid German autocorrect that wants to begin every single word with a capital letter.