Security breach for PHP's popular site

1 view
Skip to first unread message


Jan 25, 2019, 11:35:08 PM1/25/19

Posted 21 January 2019 - 10:40 PM

The twitter feed for the PHP Extension and Application Repository (PEAR) reported on January 19 that there was a security breach.

They additionally indicate that those that have downloaded go-pear.phar in the last six months should get a new copy from github.

The tweets are here:

The home page for currently doesn't indicate anything. Last update for the was January 10th regarding the release of PHP versions 5.6.40, 7.1.26, 7.2.14 and 7.3.1.

PEAR is used by several PHP users and a popular source for installing PHP code that other PHP applications depend on.

The PEAR installer does include an optional GPG digital signing but this does not seem to be popularly used or mandated for inclusion on the PEAR hosting site.
Reply all
Reply to author
0 new messages