On Sep 29, 2014, at 04:05, Jan Ehrhardt <php...@ehrhardt.nl> wrote: > > Julien Pauli in php.internals (Mon, 29 Sep 2014 12:50:55 +0200): >>> On Sun, Sep 28, 2014 at 3:45 PM, Jan Ehrhardt <php...@ehrhardt.nl> wrote: >>> >>> The sources are available at http://windows.php.net/download/ >>> Strange that they did not show up at the non WIN32 download page. >>> Is there some security issue that we are not yet aware of? >> >> Actually, some php.net machines have been compromised and prevent us >> from releasing 5.6.1. >> >> One should not use the tag and wait for the official announcements. > > What about the Windows binaries at http://windows.php.net/download/ > Are they safe? If not, should not they be withdrawn from that server?
All the source and binary releases along with git is safe. And there was no new breach here. It was a box that wasn't properly cleaned up from the previous one and wasn't put behind the ssh bouncer like all the other machines. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
