Yesterday a new vulnerability in PHP was disclosed where a specific setting of PHP-FPM, combined with a certain NGINX configuration, could result in the possibility of remote code execution. The Hypernode platform is not vulnerable, because our NGINX configuration does not satisfy the preconditions for this bug to be exploitable. However, to prevent similar attack vectors, we will update all PHP versions.

Today is Friday and since in our case there is no actual threat, we will deploy the new version of PHP after the weekend to prevent surprises outside of office hours. Updates will be applied throughout next week.