We currently have distributed PHP 5.2.9 in EasyApache which has the hash collision patches of PHP 5.3.9 and 5.3.10 implemented. This is very useful for those who still require PHP 5.2 but do not want to have the hash collision vulnerability. We chose PHP 5.2.9 because that is the version used by cpsrvd for PHP applications that would run within cPanel (e.g. APSPanel).
However, given that the final version of the PHP 5.2 series is PHP 5.2.17, we are pursuing backporting those patches over to PHP 5.2.17 after we are confident our work on PHP 5.2.9 had no unintended negative side-effects. Sometimes patching issues generates issues; for example, with PHP 5.3.9, when the PHP team fixed the hash collision, they introduced a remote code execution vulnerability that was fixed in PHP 5.3.10.
Presumably those using PHP 5.2 prefer to use PHP 5.2.17?
Just looking to collect some public feedback.
Inspired by a discussion with: Digital Pacific