PHP and Laravel regularly bring out updates including security updates, but also new features. You should always try to stay on the latest version because that is probably the most secure version out there.
For example, PHP 8 has been announced. This means that PHP 7.4 will still get new features and support, but at some point, they will only focus on PHP 8 and leave PHP 7.4 for what it is.
Laravel releases every 6 months a new version. So soon Laravel 8 will be available. It's a good practice to update all your dependencies every half year. This way your application is up to date, secure, and you can also make use of the new features ;)
But I want to create a website, and over a few years I don't want to update it. WordPress has update features which I really like, but I prefer to use Laravel.
No it's not, any dynamic website requires maintenance and regular updates, it doesn't matter how are you handling your business logic and your data layer.
@jeroenvanrensen most PHP code it's normally backwards compatible. Not all but most. That's where you have to check things like change logs.
I would suggest you learn PHP real well, and if you are needing longer backwards compatibility without constant updates, program your own framework. But even then you will have to update PHP versions at times and tweak just a very few things that are not backwards compatible anymore.
I have one custom framework myself that is at least 6 years old but it's been updated over the years and it's fully php 7.4 compatible. And surprisingly only a few little tweaks here and there kept it updated.
But these are just thoughts and suggestions on alternatives of course what you do is completely up to you.
And don't forget laravel has LTS versions. But I have found it's easier just to stay up to date as the six-month version come out. To me updating and upgrading really only takes a few minutes.
@jeroenvanrensen Do you have a car? Or a bike? Or even a coffee machine? That also needs to be cleaned and maintained from time to time, right? A web application is nothing different ;)
Are applications written 10 years ago still safe... probably not. Yet at the time, we thought we were using best practices. But still, people discover issues and then exploit those issues on servers that have not been patched.
To think that you can get away with not updating a site for that long is just burying your head in the sand. Besides, we may all be using new devices by then, we will have different design standards, there may be legal requirements regarding all websites for security and accessibility.
The web is a constantly developing thing. Not a book.
It seems like for your usecase you should consider this: https://statamic.com/ . Its build ontop of laravel. Version 3 is in beta and will be a package for laravel.
