Hackers backdoor PHP source code after breaching internal git server

vikvaliant

Aspirant
Joined
Oct 21, 2014
Messages
34

Zelda

Enthusiast
Joined
Feb 25, 2021
Messages
123
While investigation is still underway, we have decided that maintaining our
own git infrastructure is an unnecessary security risk, and that we will
discontinue the git.php.net server. Instead, the repositories on GitHub,
which were previously only mirrors, will become canonical. This means that
changes should be pushed directly to GitHub rather than to git.php.net.

GitHub's new slogan should simply be, 'all your base are belong to us' 😅

I joke. But this could have been very serious if it was not caught in time.
 

Zelda

Enthusiast
Joined
Feb 25, 2021
Messages
123
I will be looking forward to PHP 8.0.4's release when available.

It was unfortunate that PHP's code was momentarily compromised, even if it was only the development branch and never reached end-users. But it says a lot about the state of development on how they handle such an event. PHP's development team decided to put all hands on deck and do a complete code review, even though it was only two or three comments that we quickly reverted. Every line of code is being screened as they're not taking any chances, even correcting minor grammar errors in developer notes that arguably have nothing to do with the code itself. https://github.com/php/php-src/commit/462da6e09c2eb63aeb9ba357c659d490a9bc46d9 Everything is being checked and double-checked, and metaphorically speaking, I do not think you could "pass gas" without someone on their GitHub knowing about it. https://github.com/php/php-src Suffice to say, I am pleased with how they are responding and rising to the occasion. I do not expect 8.0.4 to be released anytime soon, but I suspect it will be solid once it is. :tup:
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,690
It is good to know that the issue was found (however it was found) before any real damage was done and also good to know that it's led to a higher level of scrutiny. However, I think it's also worth keeping in mind just how much the Internet relies on PHP and the potential payload should it be compromised.
 