A focused security audit of the PHP source code (php/php-src) was recently completed, commissioned by the Sovereign Tech Agency, organized by The PHP Foundation in partnership with OSTIF, and performed by Quarkslab. The audit targeted the most critical parts of the codebase, leading to 27 findings, 17 with security implications, including four CVEs.

All issues have been addressed by the PHP development team. Users are encouraged to upgrade to the latest PHP versions to benefit from these security improvements.

Read the full audit report. More details in the PHP Foundation blog post.

If your organization is interested in sponsoring further audits, please contact The PHP Foundation team: contact@thephp.foundation.