March 29, 2021 at 11:13PM

■■■■■ php hacked viz. a supply chain attack.

On 28th March, 2021 two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the server (rather than a compromise of an individual git account).