image credit: unsplash
The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers.
What happened?
“[On Sunday, March 28] two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account),” developer Nikita Popov explained in a message sent out through one of the project’s mailing lists.
Comments are closed.
