Php-mcrypt deprecated

The official documentation (NC 13) suggests installing php-mcrypt as do other guides.

My install throws the error “package ‘php-mcrypt’ has no installation candidate”. This error is the package is deprecated.

I see plenty of other references to this online but no clear solution (I’m not technically trained and so perhaps I’ve overlooked something here). One suggestion is a force install with PECL but the package is deprecated and that suggests this approach opens the server to a known vulnerability.

So - if I follow the PECL route am I opening a vulnerability or does NC implement in such a way this is not a concern?
What is the official path to an install?
A deprecated package doesn’t seem a good foundation to move forward with!

1 Like

Hi @James_O_Stanworth. Could you possibly provide a bit more in terms of details. OS distro etc?

I’m installing in a vmachine (vmware) using Ubuntu 18.04 lts
For install I’m following both:

Both of which recommended the php-mcrypt

Hi @James_O_Stanworth. I see the official documentation says to try php7.0-mcrypt not just php-mcrypt. So if I may ask, is that the package you are searching for?

Sorry to be a bit fussy here… I’ve not mentioned a specific version but looking again at the official docs the recommendation is PHP = (or greater) 5.6, 7.0, 7.1 or 7.2. While in the example install they use 7.0.
So what does this actually mean? Is 7.2 not supported?
Or is the recommendation to use php7.0-mcrypt with 7.2? (Is this good practice to mix versions?)

No no no mixing at all please. As seen in the error logs in other posts, they state that 7.2 is not officially supported yet. So if you are installing on 7.1 I would think the package would be php7.1-mcrypt , or if you would still like to run it on 7.2 experimentally you can search for php7.2-mcrypt.

Does this make more sense? Sorry for any confusion caused :slight_smile:

Thanks - really appreciate the quick replies.
It seems then that NC need to update their documentation - since 7.2 is listed as ‘ok’.
I’ll scrap this install and start with Ubuntu 16.04 since this is what they document and work with php 7.1.
Even with this approach isn’t this still using a deprecated package?
A bit paranoid here! I installed NC as a plugin and its old dependencies lead to me being hacked. Kind of keen to avoid a repeat :smiley:

Hehe I understand the paranoia, no worries. But I think that just shows that one has to check security, so your diligence is warranted :wink:

Could you point the link where I can double check? Reason being I am writing docs regarding PHP7.2 and NC 14, and want to make sure my info is accurate. The link would help a lot.


I used to get this with Ubuntu when packages simply moved from one package to another, for example the move of ffmpeg a few years ago (which was moved back hehe). So I am not sure the package per say is deprecated, might jut be the apt repo you are using to supply this package has been deprecated from the official Ubuntu repo list. I am totally just hypothesizing here, but might be.

I think installing it based on commands in their official documentation will yield best results.


The links is:
Section: Prerequisites for manual installation
" Required:

  • PHP (>= 5.6, 7.0, 7.1 or 7.2)"

I am not sure what the position is but others refer to it as deprecated

and I’ve seen some discussion that NC team is working on this.

Ha - so then not php.7.1 but php7.0 if “by the book” - surely?
Following the same link as above (to NC’s docs) and also the section following (the one I mention above) - An example install on Ubuntu 16.04 -
“apt-get install php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip”

I guess something newer must be in the pipeline . . .

TBH I think rather do PHP7.1, but use that manual as reference. I think they use 7.0 install as the reference for all to use. I cannot speak for them, but I have install NC14 with PHP7.2 on CentOS without any issues. So if you want, I think it will be safe to use 7.1, but with by the book I meant use the commands they list there as the reference, and in your case just replace all the php7.0 instances with php7.1.

Thanks - that get’s me off a rock and on the move again.
Good luck with the manual writing :smiley:

Np. Please do report back on your findings and if the topic is resolved, mark it as such to help anyone searching for it in the future. :wink:

What does this actually mean for those who have Nextcloud and PHP 7.2 and what should they do?
A simple clarifying would be nice.

As I have stated before, I run a small instance, just upgraded from 13.0.6 to 14.0.0 without any issues, all on php7.2 on CentOS7.5. So imho I am not changing. And according to the link sent earlier it is clear they state 7.1 or 7.2 so I think it is only the log files where those entries are found, that need to be changed. I think 7.2 should be fine.

1 Like

I’m not sure who should be clarifying - but I guess NC in their docs?
What would be good if they go with one Linux distro. Building and testing would be simpler. The resulting documentation would be bulltet proof for the non-technical (like me :slight_smile: )
Installs of BigBluebutton a conferencing software take this approach and it makes the install very smooth.

1 Like

I found other thread about mcrypt and there’s one simple answer when it’s needed.


I am new to nextcloud and try to get some experience with it.
I’m trying to install the latest nextcloud (NC14) on OpenMandrivaLx3.03, which uses php 7.2.

When I install php-mcrypt, which is advised in the NC documentation, during the preparation of the NC14 installation my php environment gets broken.

As stated above, php-mcrypt is deprecated since php 7.1

My question: Will NC14 run when php-mcrypt isn’t installed and what are the consequences when NC is used without php-mcrypt?

As I have stated before, I run a small instance, just upgraded from 13.0.6 to 14.0.0 without any issues, all on php7.2 on CentOS7.5. So imho I am not changing. And according to the link sent earlier it is clear they state 7.1 or 7.2 so I think it is only the log files where those entries are found, that need to be changed. I think 7.2 should be fine.

Question: Is php-mcrypt installed on your system?

mcrypt is used by user_saml at the moment. This is the only dependency I know. If you don’t need user_saml app you can go forward to use PHP 7.2. Regards Timm

Newbie question: Where is the user_saml app used for?


I followed your suggestion and used php7.0. That avoided the problem with the deprecated phpmycrpt.
There is a clearly a path though to installing with 7.2 – only it seems not yet to be actually documented. Pity - this means those taking time to make the install are left with something sub-optimal for all their work.
Is it really that challenging for NC to update their documents?

mcrypt in php7.2:
sudo apt-get -y install gcc make autoconf libc-dev pkg-config
sudo apt-get -y install php7.2-dev
sudo apt-get -y install libmcrypt-dev

sudo pecl install mcrypt-1.0.1
libmcrypt prefix? [autodetect]:
Press [Enter] to autodetect.

sudo nano /etc/php/7.2/apache2/php.ini
sudo nano /etc/php/7.2/cli/php.ini
sudo systemctl restart apache2

php -i | grep “mcrypt”

Hello Ice-Tee,
Does mcrypt still exists in php 7.2?
You clearly use Ubuntu Linux. I am using OpenMandrivaLx3. The libmcrypt-dev contains the fix to ceate the php-mcrypt module for php 7.2, right?
Can I use this libmcrypt-dev code to build php-mcrypt on my system and how can I download the libmcrypt-dev source?