Author: Roman Pronskiy (pronskiy)
Committer: GitHub (web-flow)
Pusher: saundefined
Date: 2025-04-10T17:29:33+03:00
Commit: Add security audit post (#1254) · php/web-php@d60fc96 · GitHub
Raw diff: PHP Core Undergoes Security Audit – Results Now Available
Add security audit post (#1254)
Co-authored-by: Sergey Panteleev <sergey@php.net>
Changed paths:
A archive/entries/2025-04-10-1.xml
M archive/archive.xml
Diff:
diff --git a/archive/archive.xml b/archive/archive.xml
index cde5c8579b..277fdb9d07 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
<uri>PHP: Manual Quick Reference;
<email>php-webmaster@lists.php.net</email>
</author>
+ <xi:include href="entries/2025-04-10-1.xml"/>
<xi:include href="entries/2025-03-14-1.xml"/>
<xi:include href="entries/2025-03-13-5.xml"/>
<xi:include href="entries/2025-03-13-4.xml"/>
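Review bot: the added `xi:include` for `entries/2025-04-10-1.xml` carries no `xi:fallback`, so a target that is missing or not well-formed is a fatal XInclude error for the whole `archive.xml`, not just for this one entry. The include resolves only because the entry file is created in this same commit, so validate the assembled archive with XInclude processing enabled before merge and keep both files together on any revert or backport. Placement above `entries/2025-03-14-1.xml` keeps the newest-first order of the list.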
diff --git a/archive/entries/2025-04-10-1.xml b/archive/entries/2025-04-10-1.xml
new file mode 100644
index 0000000000..200ba0c4d3
--- /dev/null
+++ b/archive/entries/2025-04-10-1.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+ <title>PHP Core Undergoes Security Audit – Results Now Available</title>
+ <id>PHP: News Archive - 2025;
+ <published>2025-04-10T11:59:24+00:00</published>
+ <updated>2025-04-10T11:59:24+00:00</updated>
+ <link href="PHP: Hypertext Preprocessor; rel="alternate" type="text/html"/>
+ <link href="PHP: News Archive - 2025; rel="via" type="text/html"/>
+ <category term="frontpage" label="PHP.net frontpage news"/>
+ <content type="xhtml">
+ <div xmlns="http://www.w3.org/1999/xhtml">
+ <p>
+ A focused security audit of the PHP source code (<a href="https://github.com/php/php-src">php/php\-src</a>\) was recently completed, commissioned by the <a href="https://www.sovereign.tech/">Sovereign Tech Agency</a>, organized by <a href="https://thephp.foundation/">The PHP Foundation</a> in partnership with <a href="A Review of the Linux Kernel’s Release Signing and Key Management Policies – OSTIF.org, and performed by <a href="https://www.quarkslab.com/">Quarkslab</a>\. The audit targeted the most critical parts of the codebase, leading to 27 findings, 17 with security implications, including four CVEs.
+ </p>
+ <p>
+ All issues have been addressed by the PHP development team. Users are encouraged to upgrade to the latest PHP versions to benefit from these security improvements.
+ </p>
+ <p>
+ Read the full <a href="https://thephp.foundation/assets/files/24-07-1730-REP-V1.4_temp.pdf">audit report</a>.
+ More details in <a href="https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/">the PHP Foundation blog post</a>.
+ </p>
+ <p>
+ If your organization is interested in sponsoring further audits, please contact The PHP Foundation team: <a href="mailto:contact@thephp.foundation">contact@thephp.foundation</a>.
+ </p>
+ </div>
+ </content>
+</entry>
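Review bot: the new entry is not well-formed as it reads here. In the first `<p>`, the `href` on the anchor after "in partnership with" has no closing quote, no link text and no `</a>`; the `<id>` element is never closed and both `<link>` `href` values are missing their closing quote; and the paragraph text carries stray backslashes (`php\-src`, `\)`, `\.`) that would render literally. Because this file is pulled into `archive.xml` through `xi:include`, run it through an XML parser and correct those before merge. Separately, the audit report link targets a file named `24-07-1730-REP-V1.4_temp.pdf`, and a permanently archived news entry should point at a stable URL. Since the text mentions four CVEs and asks users to upgrade to "the latest PHP versions", naming the fixed releases or linking the advisories would let readers confirm they are patched.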