Author: Roman Pronskiy (pronskiy)
Committer: GitHub (web-flow)
Pusher: saundefined
Date: 2025-04-10T17:29:33+03:00
Commit: https://github.com/php/web-php/commit/d60fc964809d9cf405dc424e5c5e3a11174d48e1 Raw diff: https://github.com/php/web-php/commit/d60fc964809d9cf405dc424e5c5e3a11174d48e1.diff Add security audit post (#1254) Co-authored-by: Sergey Panteleev <ser...@php.net> Changed paths: A archive/entries/2025-04-10-1.xml M archive/archive.xml Diff: diff --git a/archive/archive.xml b/archive/archive.xml index cde5c8579b..277fdb9d07 100644 --- a/archive/archive.xml +++ b/archive/archive.xml @@ -9,6 +9,7 @@ <uri>http://php.net/contact</uri> <email>php-webmaster@lists.php.net</email> </author> + <xi:include href="entries/2025-04-10-1.xml"/> <xi:include href="entries/2025-03-14-1.xml"/> <xi:include href="entries/2025-03-13-5.xml"/> <xi:include href="entries/2025-03-13-4.xml"/> diff --git a/archive/entries/2025-04-10-1.xml b/archive/entries/2025-04-10-1.xml new file mode 100644 index 0000000000..200ba0c4d3 --- /dev/null +++ b/archive/entries/2025-04-10-1.xml 
@@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<entry xmlns="http://www.w3.org/2005/Atom"> + <title>PHP Core Undergoes Security Audit – Results Now Available</title> + <id>https://www.php.net/archive/2025.php#2025-04-10-1</id> + <published>2025-04-10T11:59:24+00:00</published> + <updated>2025-04-10T11:59:24+00:00</updated> + <link href="https://www.php.net/index.php#2025-04-10-1" rel="alternate" type="text/html"/> + <link href="https://www.php.net/archive/2025.php#2025-04-10-1" rel="via" type="text/html"/> + <category term="frontpage" label="PHP.net frontpage news"/> + <content type="xhtml"> + <div xmlns="http://www.w3.org/1999/xhtml"> + <p> + A focused security audit of the PHP source code (<a href="https://github.com/php/php-src">php/php-src</a>) was recently completed, commissioned by the <a href="https://www.sovereign.tech/">Sovereign Tech Agency</a>, organized by <a href="https://thephp.foundation/">The PHP Foundation</a> in partnership with <a href="https://ostif.org/">OSTIF</a>, and performed by <a href="https://www.quarkslab.com/">Quarkslab</a>. The audit targeted the most critical parts of the codebase, leading to 27 findings, 17 with security implications, including four CVEs. + </p> + <p> + All issues have been addressed by the PHP development team. Users are encouraged to upgrade to the latest PHP versions to benefit from these security improvements. + </p> + <p> + Read the full <a href="https://thephp.foundation/assets/files/24-07-1730-REP-V1.4_temp.pdf">audit report</a>. + More details in <a href="https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/">the PHP Foundation blog post</a>. + </p> + <p> + If your organization is interested in sponsoring further audits, please contact The PHP Foundation team: <a href="mailto:contact@thephp.foundation">contact@thephp.foundation</a>. + </p> + </div> + </content> +</entry>
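Review bot: In archive/entries/2025-04-10-1.xml, the first and second paragraphs of the entry mention "four CVEs" and tell users to "upgrade to the latest PHP versions", but they give neither the CVE identifiers nor the releases that contain the fixes. A reader cannot tell from the front-page item alone whether their installed version is already patched. Consider listing the CVE IDs and the fixed versions in the entry, or saying explicitly that they are in the linked blog post. Separately, the audit report link targets a file named 24-07-1730-REP-V1.4_temp.pdf. The "_temp" suffix suggests a provisional asset, so it is worth confirming that this URL is the permanent location before it is published in the Atom archive, where the entry id and links are expected to stay stable.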