PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted – blaming a user database leak rather than a problem with the server itself.
The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it. The code was initially committed in the name of Rasmus Lerdorf, creator of PHP, and after it was removed, recommitted under Popov's name.
The team originally believed that the server hosting the repository had suffered a break-in, but in a new post Popov said: "We no longer believe the git.php.net server has been compromised. However, it is possible that the ma ..
Support the originator by clicking the read the rest link below.
