PHP Community Steps to Stop Installation of Libraries with Unpatched Bugs [bleepingcomputer]

by CIRT Team

Some of the most influential voices in the PHP community have united on a project to improve the security of the PHP ecosystem.

Under the name of FriendsOfPHP, this group has created a database that includes references and details for known security vulnerabilities affecting various PHP projects and libraries.

The purpose of this database is to provide a giant guide of what versions of what PHP project or library is safe to use or safe to update to.

New project tackles security advisories in the PHP world

This project, known under the simple name of the PHP Security Advisories Database, is slowly starting to become more popular on GitHub.

The PHP Security Advisories Database is also at the heart of the Roave Security Advisories, a Composer-ready PHP library that can be embedded within any PHP project.

“Roave/SecurityAdvisories uses FriendsOfPHP as its data source to build a conflicting set of require statements to prevent insecure dependencies from being installed,” Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise, told Bleeping Computer.

This means that any PHP developer can embed this library in his PHP project and prevent the accidental deployment of vulnerable code.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping