I notice that the latest PHP available on RHEL 6.5 is PHP 5.3.3. See Distrowatch and also my own check:
$ php -v
PHP 5.3.3 (cli) (built: Jul 15 2014 08:48:08)
However, the PHP website claims that this version is depreciated, and the 5.3 branch ended with 5.3.29 anyway, not the 5.3.3 as in RHEL 6.5.
Since the distro is supported by Red Hat, I assume that all the applications are security-maintained, but where can I find this information for certain? According to the Production Support Scope of Coverage "If we ship it, we … Do not support … Third-party software / Community projects". Is PHP considered third-party software or a community project for purposes of RHEL support?
I have examined the Red Hat Enterprise Linux Life Cycle and RHEL Top Support Policies documentation, but I have not found an answer. I actually don't have access to the RHEL support service in my current position with regards to this account, otherwise I would just ask Red Hat! However, I do feel that this information should be publicly available and would apply to any users of RHEL, hence I ask here.
Best Answer
Yes, Red Hat backports security fixes and important bug fixes to all packages they offer in their repositories until the EOL of that particular RHEL version. New major features or drastic changes are not appearing in RHEL updates.