
PHP Security Flax Fixed
On 02-17-2022, fixes and the vulnerability report (CVE-2021-21708) were released. A proof-of-concept exploit that uses PHP to query a database shows that the bug can crash the PHP process, making a working Denial of Service (DoS) attack already known to be possible.
You can read more details about the vulnerability at Naked Security.
Versions 8.0 and 7.4 are still supported and are vulnerable; if you aren’t using the latest 8.1 flavor of PHP, you need 8.0.16 and 7.4.28, respectively.
All PHP installations running on Simply Web Services servers have been updated accordingly.