PHP Security Flax Fixed

PHP Security Flax Fixed

On 02-17-2022, fixes and the vulnerability report (CVE-2021-21708) were released. A proof-of-concept exploit based on using PHP to query a database shows that the bug can be used to crash the PHP process, so a working Denial of Service (DoS) attack is already known to be possible.

You can read more details about the vulnerability at Naked Security.

Versions 8.0 and 7.4 are still supported, and are vulnerable too; if you aren’t using the latest 8.1 flavour of PHP then you need 8.0.16 and 7.4.28 respectively.

All installations of PHP running on Simply Web Services servers have been updated accordingly.