• Overview
    Frameworks
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    Features
    • Observability
    • Auto-scaling
    Solutions
    • Marketing Teams
    • Retail
    • Higher Education
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Contact
  • Login
  • Free Trial
Blog

All Platform.sh clients kept automatically safe from serious PHP bug

drupalphp
December 17, 2015
Ori Pekelman
Ori Pekelman
CPO

There is a serious PHP bug for which there are exploits in the wild affecting the the PHP session extension (ext/session); vulnerable versions include PHP < 5.4.45, < 5.5.29, < 5.6.13. The bug has only been partially publicly disclosed, so for the moment, we can’t give precise technical details.

PHP released fixed versions on September 4th, but there has been some recent coverage of this vulnerability, which is why we’re discussing it now. We’d like to reassure our customers that their sites have been updated automatically and aren’t vulnerable to the issue, and that no further action is required by customers.

Furthermore, after careful analysis, we determined that Drupal 7 and Drupal 8 were not vulnerable to this issue at any time. Other PHP programs may be affected (Joomla! CMS versions 1.5.0 through 3.4.5 are known to be vulnerable, but many others might be).

If you don’t host your site on Platform.sh you are encouraged to update your PHP to a current version. If you are on Platform.sh enjoy the holiday season, we’ve got you covered.

Get the latest Platform.sh news and resources
Subscribe

Related Content

PHP 8.2 lays new ground on Platform.sh

PHP 8.2 lays new ground on Platform.sh

Company
AboutSecurity and complianceTrust CenterBoard and investorsCareersPressContact us
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceManage your cookie preferencesReport a security issue
© 2022 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺