Earlier this week, PHP's Git server was compromised, and a bad actor made two malicious commits to the repo. An investigation is still ongoing, and to give more time to look into it, the PHP team announced that releases would be put on hold for two weeks, assuming no further issues are discovered.
These commits were immediately noticed and reverted, and thus never reached end users. The investigation into the root cause and exact scope of the compromise is still ongoing, therefore releases will be put on hold for two weeks assuming no further issues are discovered.
Once the investigation is complete, we assume more information will be coming out on what happened and how everything happened.
This breach is currently ongoing, and as new details emerge will be posting further updates.