Kudos for raising awareness, but the EOL schedule for a major version of a popular FOSS programming language doesn't really follow a countdown to the second.<p>RHEL 6 (and therefore CentOS 6) is supported until 2020, and it ships with PHP 5.3 by default.<p>RHEL 7 (and therefore CentOS 7) is supported until 2024, and it ships with PHP 5.4 by default.<p>Ubuntu 16.04, which ships with PHP 7.0 by default, is supported until 2021.<p>If a big enough security issue is found, even the PHP development team might release a fix notwithstanding the EOL date. Or someone else might write a fix and get it incorporated into the official packages of affected Linux distros.<p>Of course there's no guarantee that Red Hat and Canonical will be able to fix all security issues in the old versions they distribute, but you can say the same about the PHP team, too. Most of us have to trust the package maintainers of our preferred distros anyway. There's nothing wrong with continuing to use official packages from your distro instead of upgrading to a newer version supplied by a third party.<p>Having said that, no LTS distro ships with PHP 5.6 by default, so if you're on 5.6 you should definitely upgrade/downgrade to a supported version.