CVE-2019-11043 is an env_path_info underflow flaw in PHP-FPM’s fpm_main.c. The vulnerability was first reported to the PHP bug-tracker by security researcher Emil Lerner on September 26, 2019. Lerner also credits Andrew Danau, a security researcher at Wallarm, who identified the “anomaly” during a Capture The Flag competition in September 2019, and Ganiev for helping to finalize the php.ini options for the
Continue reading: CVE-2019-11043: PHP-FPM arbitrary code execution vulnerability alert

The PHP development team announces the immediate availability of PHP 7.3.11. This is a security release which also contains several bug fixes. All PHP 7.3 users are encouraged to upgrade to this version. For source downloads of PHP 7.3.11 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes
Continue reading: PHP 7.3.11 Released

The PHP development team announces the immediate availability of PHP 7.2.24. This is a security release which also contains several minor bug fixes. All PHP 7.2 users are encouraged to upgrade to this version. For source downloads of PHP 7.2.247 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of
Continue reading: PHP 7.2.24 Released

The PHP development team announces the immediate availability of PHP 7.1.33. This is a security release. All PHP 7.1 users are encouraged to upgrade to this version. For source downloads of PHP 7.1.33 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

The PHP development team announces the immediate availability of PHP 5.6.40. This is a security release. Several security bugs have been fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version. Please note that according to the PHP version support timelines, PHP 5.6.40 is the last scheduled release of PHP 5.6
Continue reading: PHP 5.6.40 Released

The PHP development team announces the immediate availability of PHP 7.3.1. This is a security release which also contains several bug fixes. All PHP 7.3 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.2.14. This is a security release which also contains several minor bug fixes. All PHP 7.2 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.25. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.11. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.