Code review at scale is broken. Here’s how Augment Code is fixing it.

Blog Tutorials Packages Newsletter Podcasts

Partners Links Your Account

PHP's Git Server Compromised and Malicious Code Pushed to the Source

Published on March 29th, 2021 by Eric L. Barnes

PHP's Git Server Compromised and Malicious Code Pushed to the Source image

The PHP core Git repository was compromised, and a bad actor pushed two commits that introduced code injection from an HTTP header to the PHP source and impersonated Nikita Popov and Rasmus Lerdorf.

On the PHP internals mailing list, Nikita said, "We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account)."

You can see the two (1 2) commits in question from the mirrored Github repo.

At this time, they do not believe any of the code in these commits made it into any builds, but a full investigation is underway. Nikita also said, "we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server."

From now on, the Github repos of the PHP organization will be the official channels for pushing code, but the mailing list will remain for the internals discussions.

Finally, the PHP core team is asking you to please contact security@php.net if you notice anything that could be related to this.

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Threads

Instagram

Github

Filed in:

News

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

Senior PHP Laravel Engineer

Senior Laravel Developer - Product Lead

Senior AI-Augmented Engineer (Laravel 12 + Agentic Workflows) - Remote

PHP Developer (French/German Speaker)

Junior Laravel Developer

Jump24 - UK Laravel Agency

Laravel Developers that Click into Place. Never outsourced. Never oﬀshored. Always exceptional.

Partners

View all →

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $3200/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Expert code review! Get clear, practical feedback from two Laravel devs with 10+ years of experience helping teams build better apps.

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

Providing innovation and stability to ensure your web application succeeds.

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

The latest

View all →

What We Know About Laravel 13 image

What We Know About Laravel 13

New Colors Added in Tailwind CSS v4.2 image

New Colors Added in Tailwind CSS v4.2

Factory makeMany() Method in Laravel 12.52.0 image

Factory makeMany() Method in Laravel 12.52.0

Laravel Adds an Official Svelte + Inertia Starter Kit image

Laravel Adds an Official Svelte + Inertia Starter Kit

MongoDB Vector Search in Laravel: Finding the Unqueryable image

MongoDB Vector Search in Laravel: Finding the Unqueryable

Laravel Cloud Adds “Markdown for Agents” to Serve AI-Friendly Content image

Laravel Cloud Adds “Markdown for Agents” to Serve AI-Friendly Content