smarty icon indicating copy to clipboard operation
smarty copied to clipboard
verified publisher icon smarty-php

Document lifecycle of major versions of smarty

Open vuntz opened this issue 1 year ago • 6 comments

I cannot find any documentation stating whether 3.1.x is still maintained and when maintenance of v4 will end. What is the current state of things?

vuntz avatar Nov 28 '24 14:11 vuntz

You can find the Smarty security policy here: https://github.com/smarty-php/smarty/blob/master/SECURITY.md But it would probably be good to add a page to the documentation as well, thank you for suggestion.

wisskid avatar Nov 28 '24 14:11 wisskid

Hi, this link provides indeed the current state of maintenance of versions but not any dates regarding the end of life of those versions.

We were looking for something more like this calendar. Does it exist?

nfragnet avatar Nov 28 '24 15:11 nfragnet

No, there are no dates yet.

wisskid avatar Nov 28 '24 16:11 wisskid

I know migration to v5 or at least v4 is in order, but it's odd that in a project which has

    "require": {
        "smarty/smarty": "3.1.*"
    }

running composer update only goes to 3.1.46 rather than 3.1.48, which appears to be the latest 3.x. Was something not properly published?

adaugherity avatar Jun 27 '25 23:06 adaugherity

Hmm, I think you are trying to run Smarty v3 with PHP8. The problem is actually with 3.1.46 and before, not with 3.1.47 or 48:

$ composer require smarty/smarty:3.1.48
./composer.json has been updated
Running composer update smarty/smarty
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires smarty/smarty 3.1.48 -> satisfiable by smarty/smarty[v3.1.48].
    - smarty/smarty v3.1.48 requires php ^5.2 || ^7.0 -> your php version (8.3.2) does not satisfy that requirement.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

Installation failed, reverting ./composer.json and ./composer.lock to their original content.

$ composer require smarty/smarty:3.1.46 ./composer.json has been updated Running composer update smarty/smarty Loading composer repositories with package information Updating dependencies Nothing to modify in lock file Writing lock file Installing dependencies from lock file (including require-dev) Nothing to install, update or remove Generating autoload files Found 3 security vulnerability advisories affecting 1 package. Run "composer audit" for a full list of advisories.


The thing is: 3.1.46 says it supports php: >=5.2 but that version indication is false. It was never tested for PHP8.

So, if you want to run PHP8, you must upgrade to a higher Smarty version (v4 or v5).

wisskid avatar Jun 28 '25 10:06 wisskid

Yes, that's exactly it! Thanks for the explanation.

adaugherity avatar Jul 01 '25 18:07 adaugherity