Internet connected services exist in a constantly evolving environment. Changes are always being made, vulnerabilities are discovered and constantly corrected.
This is not an indefinite life-cycle though, as it is not practical to maintain ageing software, especially when newer versions are available.

SugarCRM for example have planned End-of-Life Dates set for the 3 most current versions of SugarCRM.
You can view this information on their website:

Here are the current EOL Dates:

End-of-Life Date
Sugar 6.5.x       April 15, 2017
Sugar 7.5.x October 15, 2016
Sugar 7.6.x January 15, 2017
Sugar 7.7.x

October 15, 2017

SugarCRM users who have a version that is approaching it’s EOL Date are encouraged to upgrade, and this is doubly important for anyone who is on an earlier version as once these dates pass, SugarCRM no longer provides Security or Bug fixes on a regular basis.

The Same is true for the supporting software that SugarCRM runs on – PHP.

PHP also follows a program of continuous integration and improvement, and maintains only the most current versions of the platform.
You can view the EOL Dates for current PHP versions Here:

 Of Special note is that PHP 5.4 hit it’s EOL Date in September 2015. so while PHP 5.4 will continue to function as expected, if any new vulnerabilities are discovered, they will not be patched.

For anyone who is using SugarCRM 7.6.x or earlier in an On-Premise environment, you are most likely using PHP 5.4, as this was the most recently supported version of PHP for SugarCRM.

With the release of Sugar 7.7.x support has been expanded to include PHP 5.6.
Our recommendation for users of an unsupported release should upgrade both SugarCRM and PHP as soon as possible, as you may be exposed to unpatched security vulnerabilities.
There is no reason to use an outdated version of PHP on your Server. We have tested upgrading PHP ourselves and can confirm that this version works, and also opens up opportunities for improving SugarCRM performance.