PHP Moves To GitHub Due To The Compromise Of The Official PHP Git

In the latest software supply chain attack, the official PHP Git repository was compromised and the code base tampered with.
PHP Moves To GitHub Due To The Compromise Of The official PHP Git

Two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and Nikita Popov. For your information, Rasmus Lerdorf is the creator of the PHP. Nikita Popov is Software developer at Jetbrains.

However, as bad as that sounds, the hackers also left a giant red flag for the PHP development team. Rather an act as warning regarding the vulnerability rather than as a direct exploit.

The PHP development team released an official statement confirming the source code breach on Sunday, March 28.

While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server. Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that changes should be pushed directly to GitHub rather than to git.php.net.

The backdoor, which hasn’t made its way into production, would have allowed an attacker to execute code on any vulnerable PHP server.

As a result of the breach, the PHP development team will change how it manages access to its Git server. They making its GitHub repositories the de facto code base for the project. Currently it is just a mirror.

After the switch, those requiring access to the PHP repositories will have to contact the development team directly to make a request.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%

Related Posts