PHP Security Release - 7.2.3, 7.1.15, 7.0.28, and 5.6.34
Incident Report for Pantheon Operations
Resolved
PHP.net has released versions 7.2.3 [1], 7.1.15 [2], 7.0.28 [3], and 5.6.34 [4]. These releases are classified as a security releases; they address a vulnerability that could allow for arbitrary code execution, MS-ISAC 2018-023 [5]. Pantheon has deployed these PHP versions platform-wide.

[1] - http://php.net/ChangeLog-7.php#7.2.3
[2] - http://php.net/ChangeLog-7.php#7.1.15
[3] - http://php.net/ChangeLog-7.php#7.0.28
[4] - http://php.net/ChangeLog-5.php#5.6.34
[5] - https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-023/
Posted Mar 05, 2018 - 14:30 PST